[strongSwan] client machine cannot talk to local LAN if VPN tunnel over the Internet is connected
Zhuyj
mounter625 at 163.com
Sat May 30 09:41:08 CEST 2015
This route should be inserted in route table 220
Sent from my iPhone
> On May 30, 2015, at 14:00, Alan Tu <8libra at gmail.com> wrote:
>
> Hmmm, I don't think this worked. The pre- and post-VPN routing tables
> are actually identical:
>
> $ route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 0.0.0.0 172.31.48.1 0.0.0.0 UG 0 0 0 eth0
> 172.31.48.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
>
> I then added a new route:
> # route add -net 172.31.48.0 netmask 255.255.240.0 gw 172.31.48.1 dev eth0
>
> New routing table:
> $ route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 0.0.0.0 172.31.48.1 0.0.0.0 UG 0 0 0 eth0
> 172.31.48.0 172.31.48.1 255.255.240.0 UG 0 0 0 eth0
> 172.31.48.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
>
> I still couldn't SSH to 172.31.63.211 while the VPN tunnel is up.
>
> Alan
>
>
>> On 5/30/15, Zhuyj <mounter625 at 163.com> wrote:
>> Check route, 0.0.0.0 is not good, a specific LAN is better
>>
>>
>> Sent from my iPhone
>>
>>> On May 30, 2015, at 7:58, Alan Tu <8libra at gmail.com> wrote:
>>>
>>> Hello, I'm using Strongswan 5.3.0 to successfully connect a Linux
>>> machine to a VPN over the Internet. However, after I bring up the VPN
>>> tunnel, my client Linux machine cannot talk to other machines on its
>>> own LAN, even though it can talk to machines everywhere else on the
>>> Internet, as well as to machines on the VPN. Can someone give me a
>>> hint as to the solution?
>>>
>>> My client machine has IP address 172.31.59.36. The eth0 network
>>> interface has netmask /20. The pre-VPN routing table:
>>>
>>> $ route
>>> Kernel IP routing table
>>> Destination Gateway Genmask Flags Metric Ref Use Iface
>>> default gateway_hostname. 0.0.0.0 UG 0 0 0 eth0
>>> 172.31.48.0 * 255.255.240.0 U 0 0 0 eth0
>>>
>>> Post-VPN routing table:
>>> $ route
>>> Kernel IP routing table
>>> Destination Gateway Genmask Flags Metric Ref Use Iface
>>> default gateway_ip 0.0.0.0 UG 0 0 0 eth0
>>> 172.31.48.0 * 255.255.240.0 U 0 0 0 eth0
>>>
>>> Here are some potentially relevant lines from my ipsec.conf file:
>>> conn vpn
>>> type=tunnel
>>> aggressive=yes
>>> xauth=client
>>> left=%any
>>> leftid=keyid:...
>>> leftsourceip=%modeconfig
>>> right=[public IP of VPN gateway]
>>> rightsubnet=0.0.0.0/0
>>>
>>> After the Strongswan VPN connection is brought up, and the virtual IP
>>> is inserted into eth0, I cannot access other machines in the
>>> 172.31.x.x range. The VPN virtual IP addresses are in the 10.0.0.0/8
>>> range, so there is no apparent conflict. I think my root problem is
>>> something related to routing, but I don't know how to fix it. Because
>>> routing to local servers on the LAN no longer works, non-VPN DNS
>>> doesn't work either, which creates secondary problems.
>>>
>>> I test strictly IP connectivity with ssh:
>>> $ ssh user at 172.31.63.211
>>>
>>> If the VPN connection is up, this fails. If I bring down the
>>> connection ("ipsec down vpn"), SSH works.
>>>
>>> Can someone please help?
>>>
>>> Prior VPN solutions I've used set up a brand new interface, so I'm
>>> really stuck. I tried changing rightsubnet to 10.0.0.0/8 (the IP range
>>> of the VPN), but VPN connectivity fails altogether. Other ideas I have
>>> for a solution include inserting something into the routing table, or
>>> getting Strongswan to somehow create its own network interface, but
>>> I'm not sure. I'd appreciate some guidance towards a solution.
>>>
>>> Alan
>>
>>
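The following is an added example, not part of the thread or of strongSwan's code: a simplified Python model of the policy-routing lookup that shows why `route -n` (main table only) looks unchanged, why a route added to the main table has no effect, and what the reply's "table 220" suggestion changes. It assumes table 220 is consulted before the main table, a constructed virtual IP of 10.0.0.5, and an IPsec policy of virtual IP === 0.0.0.0/0.

```python
import ipaddress as ipa

# Constructed model of the client in the thread. The virtual IP 10.0.0.5 is
# an assumption (the thread only says it is inside 10.0.0.0/8).
LAN_IP, VIP = "172.31.59.36", "10.0.0.5"

# Each route: (prefix, gateway, source address the kernel would pick).
MAIN = [("0.0.0.0/0", "172.31.48.1", LAN_IP),
        ("172.31.48.0/20", None, LAN_IP)]
# Assumed content of table 220 once the tunnel with rightsubnet=0.0.0.0/0 is
# up: a default route whose source is the virtual IP.
T220 = [("0.0.0.0/0", "172.31.48.1", VIP)]
# The reply's suggestion: put the LAN prefix into table 220 as well.
T220_FIXED = T220 + [("172.31.48.0/20", None, LAN_IP)]


def lookup(dst, tables):
    """Tables are tried in rule order; inside a table the longest prefix wins."""
    addr = ipa.ip_address(dst)
    for name, routes in tables:
        hits = [r for r in routes if addr in ipa.ip_network(r[0])]
        if hits:
            return name, max(hits, key=lambda r: ipa.ip_network(r[0]).prefixlen)
    raise LookupError(f"no route to {dst}")


def tunneled(src, dst):
    """Assumed IPsec policy for this conn: virtual IP === 0.0.0.0/0."""
    return src == VIP and ipa.ip_address(dst) in ipa.ip_network("0.0.0.0/0")


def path(dst, t220, main=MAIN):
    """Return (table used, source address, 'tunnel' or 'direct')."""
    table, (_, _, src) = lookup(dst, [("220", t220), ("main", main)])
    return table, src, "tunnel" if tunneled(src, dst) else "direct"


if __name__ == "__main__":
    peer = "172.31.63.211"
    alans_main = MAIN + [("172.31.48.0/20", "172.31.48.1", LAN_IP)]
    print("tunnel down      ", path(peer, []))
    print("tunnel up        ", path(peer, T220))
    print("route in main    ", path(peer, T220, alans_main))
    print("route in 220     ", path(peer, T220_FIXED))
    print("internet, fixed  ", path("8.8.8.8", T220_FIXED))
```

On the real host, `ip rule show` and `ip route show table 220` display what `route -n` omits, and the reply's suggestion corresponds to `ip route add 172.31.48.0/20 dev eth0 table 220`.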