[strongSwan] Send some of the internet traffic through the tunnel

Gergely Horváth gergely.horvath at inepex.com
Tue Oct 8 19:38:40 CEST 2013

Hello again,

I've managed to fix some issues in our network. Here is a quick overview
of the current situation:
                   A                B               R
                Internet         Internet        Internet
                   |                |               |
Server ---LAN--- VPN A ==tunnel== VPN B ---LAN--- Router
 .2.1            .13.1            .214             .200         

This is how a packet should travel:
1. Internet R -> Router
2. Router -> VPN B
3. VPN B -> VPN A (into the tunnel)
4. VPN A -> Server

And then the reply should go back the same way:
5. Server -> VPN A
6. VPN A -> VPN B
7. VPN B -> Router
8. Router -> Internet R

Between the Router and the Server the communication is working fine. It
is because the IPSec tunnel is configured to have the
network on the left and the on the right and both the
Server and the Router know that the gateway is the VPN A and B on each
side. If I try to proxy Internet R traffic to the Server, it also works
- but it really does not make a difference, as the packet will travel
with a source address of the Router.

When I try to communicate with the Server from the Internet R address,
the Router gets the packet, forwards it (transparently - so the sender
address stays a public IP) to the VPN B host, but it does not put the
packet inside the tunnel.

How can I make it do that?

Üdvözlettel / Best regards
Gergely Horváth | gergely.horvath at inepex.com
http://inepex.com | IT Development and Location Based Services
http://inetrack.com | The customizable fleet tracking platform
