[strongSwan] How to tunnel traffic towards the public IP of the remote gateway?

Noel Kuntze noel at familie-kuntze.de
Thu Apr 16 18:14:14 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

Yes, use %dynamic in rightsubnet as follows: rightsubnet=foo,bar,%dynamic

If you use use IKEv1, you need to define several SAs for each combination of subnets.
For IKEv2, the mentioned combination would be just fine.

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 16.04.2015 um 18:09 schrieb Tiago Vasconcelos:
> My understanding is that only traffic towards the subnets declared in:
>
>     rightsubnet
>
> is tunnelled and, therefore, encrypted. Whereas traffic towards the IP address of the remote gateway declared in:
>
>     right
>
> is routed outside of the tunnel.
>
>
> Example:
>
>     Gateway Sun address (WAN-facing): 120.121.122.123  (fictitious)
>     Subnet behind Sun eth1 (LAN-facing): 192.168.90.0/24 <http://192.168.90.0/24>
>
>     Traffic traffic with a destination IP of 192.168.90.1 is tunnelled.
>     But SMTP traffic with a destination IP of 120.121.122.123 is not tunnelled.
>
> In the Cisco world it's apparently possible to tunnel non-IPsec traffic towards the remote gateway public IP address.
> Can strongSwan do this as well?
>
>
>
> Tiago
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVL9/TAAoJEDg5KY9j7GZYj5EP/0Wwm9ynM/gXAl/d83e3P5ok
hTZYpJdkFCeSf+Ec0aTq8e2fcJ10qjiCbwO8fx/S0tcCIyWEVNOSd0k0CMJ149cZ
gUHyVmN6/8gkeAwhKv4zwp/aMSEc0KtzOM7QCzdkvU16alDLzujos8Txo1pQ1Cip
9+NYK0NujuqfbTowzPf39hYn+BwTY/u6fZHMup/tAddfjo5a647vQh4V8l6PqpcH
Q7kqP1Q6cALnOIMqjLcEMUKVLFLSSUW/fgycXZPpLklDHQYYKYM8f2OAelPoACab
78RsjGDrYp6i3nIcNwSgoqB9SEf8wA4zP577Lb17z4/IWxxtmhzwkUkQ3ViQ35on
KHm2JHWeGN13es1jt6BvsHQhUujUEooHI9C/tx1Z3l4JrGariraIuofS33+LvTAJ
xVsMSHlruMAmuYlDte0Ws5OgbuMnTNrmTXPeGc7UYj9OYFXHa62Piy6Y5fPXTskb
VpD09nutXIOHHl//5LJRnMBXOprtCaCA3ueM6Jx1zKjHZhw2QKxCcU55I8Ptbu0W
oESthX0wfXU6rkkgllmVApmZtj1eRCQobyRwqcqykcEITOHb8MFw7b0S26gsPfrb
GX8c21tvcVrSvz4eA10FTVeu7vTYJRwtdqdy58hO+Ct2E9cP3SvWL+ieDa+OxFwL
5iOCFK5/sCaU+HOViCUC
=rh5W
-----END PGP SIGNATURE-----

More information about the Users mailing list