[strongSwan] roadwarrior as gateway, possible?
noel at familie-kuntze.de
Tue Dec 23 19:48:28 CET 2014
You do not need a virtual IP. Route 10.0.0.0/0 == 0.0.0.0/0 through the tunnel
and use a passthrough policy of 10.0.0.0/0 == 10.0.0.0/0 to allow local traffic.
Make the hosts in the LAN use your old notebook as gateway for the default route
and it will work. I did that here at my place and it works just fine.
See  for some explanation on getting routing to work.
Kind regards,
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
On 23.12.2014 at 02:47, Zesen Qian wrote:
> Hi all,
> I'm configuring a special roadwarrior and I'm quite new to the IPsec world,
> so plz correct me if I'm wrong. :-)
> I want to config it in such a way:
> 0. Riaqn-Laptop is my old laptop acting as gateway in my home, the LAN
> is 10.0.0.0/24, and the external IP is dynamically allocated.
> Riaqn-VPS is a VPS, which has a static IP (that Riaqn-Laptop can
> connect to).
> 1. Laptop as initiator, VPS as responder. Once the connection is
> established, Laptop gives the VPS a virtual IP in 10.0.0.0/24 (just as
> the local LAN machines). Do the dhcp and farp plugins do the trick?
> 2. Then all outgoing traffic in the LAN goes through IPsec, that is, if
> a normal computer in the LAN connects to an outside server, the server
> should see the VPS's IP.
> Is it possible with strongSwan? I've seen lots of config examples on the
> strongSwan website, but none of which is like what I said. I have
> struggled for more than a week... BTW, is there any good article that
> explains traffic selectors/routing in IPsec (for a beginner)?
> Any comments are appreciated!
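
The setup described in the reply, sketched as an added `ipsec.conf` example that is not part of the original message or of the strongSwan documentation. It assumes the 10.0.0.0/24 LAN from the question; the connection names, the `VPS_STATIC_IP` placeholder, the `vps.example.org` identity and the certificate file names are hypothetical.

```conf
# ---- /etc/ipsec.conf on Riaqn-Laptop (initiator, home gateway) ----
# Added example. Assumed: LAN 10.0.0.0/24 (from the question);
# VPS_STATIC_IP, vps.example.org and the *.pem names are placeholders.

conn %default
    keyexchange=ikev2

# Tunnel policy: traffic from the LAN to any destination is sent to the VPS.
# No leftsourceip / virtual IP is requested.
conn home-to-vps
    left=%any
    leftsubnet=10.0.0.0/24
    leftcert=laptopCert.pem
    right=VPS_STATIC_IP
    rightid=@vps.example.org
    rightsubnet=0.0.0.0/0
    auto=start

# Passthrough policy: LAN-to-LAN traffic is exempt from the tunnel policy
# above, so LAN hosts can still reach the gateway and each other.
# It is more specific than 0.0.0.0/0 and is installed at startup.
conn lan-passthrough
    leftsubnet=10.0.0.0/24
    rightsubnet=10.0.0.0/24
    type=passthrough
    auto=route

# ---- /etc/ipsec.conf on Riaqn-VPS (responder) ----
# Mirror image of the tunnel policy; the laptop's address is dynamic,
# so the peer address is left open and only the connection is loaded.

conn home
    keyexchange=ikev2
    left=%any
    leftsubnet=0.0.0.0/0
    leftcert=vpsCert.pem
    right=%any
    rightsubnet=10.0.0.0/24
    auto=add
```

Both machines need IP forwarding enabled, and for outside servers to see the VPS's address the VPS must source-NAT traffic arriving from 10.0.0.0/24. After loading, `ipsec statusall` on the laptop should list the passthrough policy under shunted connections alongside the established tunnel.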