[strongSwan] Probably missing route entry in table 220
Eliguzel, Cem
cem.eliguzel at siemens.com
Thu Nov 5 14:13:52 CET 2015
Hi,
We have a system that serves both IPsec and OpenVPN clients. For OpenVPN we have the following interfaces:
tun_tcp: 172.29.0.0/16
tun_udp: 172.30.0.0/16
And when I have the following swanctl configuration:
connections {
    IPsec {
        local_addrs = 172.31.254.129
        local {
            auth = pubkey
            certs = srv.crt
            id = 172.31.254.129
        }
        remote {
            id = "CN=IPsec at 3.1"
            auth = pubkey
        }
        children {
            net {
                local_ts = 11.11.11.0/24,172.30.0.0/16,172.29.0.0/16
                remote_ts = 22.22.22.0/24
                start_action = none
                updown = /path/to/updown_script
                esp_proposals = aes256-sha1-modp2048
                life_time = 60m
            }
        }
        version = 2
        dpd_timeout = 120s
        proposals = 3des-sha1-modp1024
    }
}
I get the following entry in table 220:
22.22.22.0/24 via 172.31.254.128 dev eth0 proto static src 172.30.0.1
Which is OK, but I think there must be another entry for the tun_tcp interface, like:
22.22.22.0/24 via 172.31.254.128 dev eth0 proto static src 172.29.0.1
Is there something wrong with my reasoning? What can I do to fix the issue?
Kind regards
Cem Eliguzel
Siemens Sanayi ve Ticaret A.S.
DF TI EVO TR
1000. Cd. 13. Sk. No: 1004 - Gebze
41480 Kocaeli, Turkey
mailto:cem.eliguzel at siemens.com
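An added diagnostic example (not part of the original message and not strongSwan code): it parses `ip route show table 220`-style lines and reports, for each subnet in `local_ts`, which route source addresses toward `remote_ts` fall inside that subnet. The function names are hypothetical; the sample input is the `local_ts` value and the table 220 entry quoted in the message.

```python
import ipaddress

# Sample input copied from the message above.
LOCAL_TS = "11.11.11.0/24,172.30.0.0/16,172.29.0.0/16"
REMOTE_TS = "22.22.22.0/24"
TABLE_220 = "22.22.22.0/24 via 172.31.254.128 dev eth0 proto static src 172.30.0.1"


def parse_route(line):
    """Parse one line of `ip route show` output into a dict (hypothetical helper)."""
    tokens = line.split()
    dst = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
    route = {"dst": ipaddress.ip_network(dst, strict=False)}
    for i, tok in enumerate(tokens[1:-1], start=1):
        if tok in ("via", "src"):
            route[tok] = ipaddress.ip_address(tokens[i + 1])
        elif tok in ("dev", "proto"):
            route[tok] = tokens[i + 1]
    return route


def src_coverage(local_ts, route_lines, remote_ts):
    """For each local traffic selector, list the route source addresses
    (on routes to remote_ts) that lie inside that selector's subnet."""
    remote = ipaddress.ip_network(remote_ts)
    routes = [parse_route(l) for l in route_lines.splitlines() if l.strip()]
    coverage = {}
    for ts in local_ts.split(","):
        net = ipaddress.ip_network(ts.strip())
        coverage[str(net)] = [
            str(r["src"])
            for r in routes
            if r["dst"] == remote and "src" in r and r["src"] in net
        ]
    return coverage


if __name__ == "__main__":
    for subnet, sources in src_coverage(LOCAL_TS, TABLE_220, REMOTE_TS).items():
        status = ", ".join(sources) if sources else "no route with a source in this subnet"
        print(f"{subnet:>16}: {status}")
```

On a live host, the `TABLE_220` string can be replaced with the captured output of `ip route show table 220`.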