[strongSwan] Tunnel the traffic of router itself

Noel Kuntze noel at familie-kuntze.de
Mon Jan 12 19:47:06 CET 2015


Hello Zesen,

You need to include your public IP in the traffic selector.
Doing that might be tricky if you have a dynamic IP.
The routes have nothing to do at all with what packets get tunneled. It's a policy-based VPN,
not a route-based one.

Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 12.01.2015 at 15:23, Zesen Qian wrote:
> Hello list,
> I'm configuring strongswan of 10.0.0.0/24 === 0.0.0.0/0, and do a
> MASQUERADE on the other side.
> By now clients in the LAN (10.0.0.80) can see its traffic being
> tunnelled. Now my question is, is there any way to tunnel the traffic of
> router itself? Yes, if I send an IP packet with src=10.0.0.1 then it will
> be tunnelled, but consider a packet with src=22.22.22.22, which is the
> public IP of my router, it won't be tunneled?
> BTW, I noticed that StrongSwan will insert a route table with something
> like:
> # ip route list table 220
> default dev is0  proto static  src 10.0.0.1
> 10.0.0.0/24 dev enp0s29f7u2u4  proto static  src 10.0.0.1
>
> The src field seems to be related to my question, but I was told that
> it's only a 'hint' to local bind() call, and won't have effect on packet
> already with a src field.
>
> Any comments are appreciated.
>

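An added illustration, not part of either message and not strongSwan code: a simplified Python model of the selector match that makes this a policy-based VPN, using the addresses from the thread. The function names and the destination 198.51.100.7 are made up for the example, and a real kernel policy lookup also considers protocol, ports and priority.

```python
import ipaddress
from typing import NamedTuple, Optional


class Policy(NamedTuple):
    """One outbound IPsec policy: a (local, remote) traffic-selector pair."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def policy(local: str, remote: str) -> Policy:
    return Policy(ipaddress.ip_network(local), ipaddress.ip_network(remote))


def pick_source(bound_src: Optional[str], route_src_hint: str) -> str:
    """The route's `src` applies only when the sender chose no source itself."""
    return bound_src if bound_src is not None else route_src_hint


def is_tunneled(src: str, dst: str, policies: list[Policy]) -> bool:
    """Tunneled only if both addresses fall inside one selector pair.
    The routing table is deliberately not an input to this decision."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in p.local and d in p.remote for p in policies)


# Selectors and addresses from the thread; DST is a constructed example address.
ORIGINAL = [policy("10.0.0.0/24", "0.0.0.0/0")]
WITH_PUBLIC_IP = ORIGINAL + [policy("22.22.22.22/32", "0.0.0.0/0")]
ROUTE_SRC_HINT = "10.0.0.1"  # `src` of the default route in table 220
DST = "198.51.100.7"


def demo() -> dict[str, bool]:
    unbound = pick_source(None, ROUTE_SRC_HINT)
    public = pick_source("22.22.22.22", ROUTE_SRC_HINT)
    return {
        "LAN client 10.0.0.80": is_tunneled("10.0.0.80", DST, ORIGINAL),
        "router, source left to the route hint": is_tunneled(unbound, DST, ORIGINAL),
        "router, src=22.22.22.22": is_tunneled(public, DST, ORIGINAL),
        "router, src=22.22.22.22, widened selector": is_tunneled(public, DST, WITH_PUBLIC_IP),
    }


if __name__ == "__main__":
    for case, tunneled in demo().items():
        print(f"{case:44} -> {'tunneled' if tunneled else 'not tunneled'}")
```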
