[strongSwan] Add routes? (Was: Anyone got strongSwan working with Aruba Networks (as a Aruba VIA client)?)

Martin Willi martin at strongswan.org
Mon Apr 28 11:10:05 CEST 2014


> But now I have a tunnel but no traffic is sent via it, is there some
> other mechanism you can add to get the routes automatically or how do I
> add my own routes for the networks on the other side to go through the
> tunnel?

With IPsec, the subnets on both sides are explicitly negotiated, and you
can forward traffic matching these subnets. Associated routes are
installed automatically by strongSwan, but they are just used to
properly find the associated tunnels, not to enforce policies.

Your config already has a rightsubnet=, so you can access
these destinations through the tunnel. You probably want a leftsubnet as
well to define the subnets for your end; if omitted, you're limited to
your "external" IP you communicate with IKE.

[1] is certainly a good read to better understand forwarding in
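
An added example, not part of the original message or of strongSwan: a small check of whether a packet's source and destination fall inside a negotiated outbound selector, which is what decides if it is tunneled. The `ip xfrm policy` sample text and all addresses are constructed, and the helper names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout printed by `ip xfrm policy`: a tunnel
# negotiated without leftsubnet, so the local selector is a single /32.
SAMPLE = (
    "src 192.0.2.10/32 dst 10.20.0.0/16\n"
    "\tdir out priority 2883\n"
    "\ttmpl src 192.0.2.10 dst 198.51.100.1\n"
    "\t\tproto esp reqid 1 mode tunnel\n"
    "src 10.20.0.0/16 dst 192.0.2.10/32\n"
    "\tdir in priority 2883\n"
    "\ttmpl src 198.51.100.1 dst 192.0.2.10\n"
    "\t\tproto esp reqid 1 mode tunnel\n"
)

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")   # unindented selector line
DIRECTION = re.compile(r"^\s+dir (\w+)")         # indented direction line


def parse_policies(text):
    """Return a list of (direction, src_net, dst_net) tuples."""
    policies, current = [], None
    for line in text.splitlines():
        sel = SELECTOR.match(line)
        if sel:
            current = tuple(ipaddress.ip_network(n) for n in sel.groups())
            continue
        direction = DIRECTION.match(line)
        if direction and current:
            policies.append((direction.group(1), *current))
            current = None
    return policies


def tunneled(policies, src, dst):
    """True if some 'out' selector covers src -> dst.

    Assumption: every 'out' policy in the input is an IPsec tunnel policy.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(p[0] == "out" and s in p[1] and d in p[2] for p in policies)


if __name__ == "__main__":
    pols = parse_policies(SAMPLE)
    # The gateway's own IP matches; a LAN host behind it does not.
    for src in ("192.0.2.10", "192.168.1.50"):
        print(src, "-> 10.20.5.5 tunneled:", tunneled(pols, src, "10.20.5.5"))
```
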



