[strongSwan] Passthrough Connection
Christian Hanster
christian-hanster at gmx.de
Fri Sep 4 20:12:42 CEST 2015
I think I solved the problem. It was really a problem in the routing table.
When I add a rule like this:
sudo ip route add 10.1.13.0/24 proto static dev p5p1 src 10.1.13.1 table 220
It’s working like a charm. Because this is also the route strong swan wants to add and is failing (according to the log, this might be a bug?!). So should I fill a bug report?
Kind regards
Christian
> On 04 Sep 2015, at 20:01, Christian Hanster <christian-hanster at gmx.de> wrote:
>
> So the routing tables look like this:
>
> sudo ip rule list
> 0: from all lookup local
> 220: from all lookup 220
> 32766: from all lookup main
> 32767: from all lookup default
>
> sudo ip route list table 220
> 10.1.0.0/16 via 192.168.1.1 dev p4p1 proto static src 10.1.13.1
>
> ip route //that is the same as "ip route list table main” So this won’t be consulted when 10.1.13.0/24 packets are managed
> default via 192.168.1.1 dev p4p1
> 10.1.13.0/24 dev p5p1 proto kernel scope link src 10.1.13.1
> 192.168.1.0/24 dev p4p1 proto kernel scope link src 192.168.1.162
>
> So why shouldn’t I use policy based routing? I did not change anything like this…
>
> Kind regards
> Christian Hanster
>> On 04 Sep 2015, at 19:53, Noel Kuntze <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>> wrote:
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hello Christian,
>>
>> What does your main routing table look like? Do you use policy based routing?
>> $ ip route
>> AFAIK strongSwan parses the main table and maintains
>> its own table 220 to install rules and handle routing to remote subnets.
>>
>>
>> - --
>>
>> Mit freundlichen Grüßen/Kind Regards,
>> Noel Kuntze
>>
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>>
>> iQIcBAEBCAAGBQJV6dqZAAoJEDg5KY9j7GZYPlQP/2lVUv1dGheOgPFk4IX6OCBg
>> U1eNYiBdZSBBBJyQ6/xNnSbkODeXRKOm6FzhXpv4EjuIJyWwM4PCAiIhdxTdYxZp
>> 7lzksraJI5OfF7kJbVMsdN7ESmnk3SN25DJCh/OZNy28XL9YR0ckFyAyVL5X+sNJ
>> wKAep4XAYkKsvZTsqwm+XvWmkTTLuUwufKKY6PLcqhS8Burt3WoiEkUYluz5b/is
>> 96G58Gpd7H2MbALyg5gpKKRC3fgTF7dlOL49Ozlm5p59wXQcTl0CaXAfz4axnLHt
>> Ezo/1pzhEVbyOzBZpsVfcwR1Iki3jW1Tl7miVoKeTfr6XGfUvS2s81xQ9JdRfK1z
>> AVcb+y0CG304BI+/WlV2gJJKqp0QrKMtboHGQXaHc5wtXqiQB+9uwOQIath9939i
>> zQmnlysYAaveLOFI6/LohijCsE3lOcqWcWQ5KXaMk3nbGIiqg88Gl3uri90beQgW
>> RDx6Tepnir1GkMlK703GWG9N8DIzp92sUJjU9p9e0Ud0jL9LzNCNU8rfWIYkiDH4
>> hhi8WSkHD5vN9XF3B3e0koH+c5ola64oWMQaVQD2V0fCTGS3ZNRKaZ0NF4d4kQzE
>> ESvgKr8Dj/5HWmuHb8ULpxkMlReqcj+GhsxX7/5CBTUl2HgJsglLJPtPtqzjh2Ob
>> oN6W/r5gHMU0UUDpFHhY
>> =QNVc
>> -----END PGP SIGNATURE-----
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150904/e4d28805/attachment-0001.html>
More information about the Users
mailing list