[strongSwan] Source routing with StrongSwan

Hoggins! hoggins at radiom.fr
Wed Dec 14 00:04:02 CET 2016


Thank you Noel

On 12/12/2016 at 16:24, Noel Kuntze wrote:
> Hello Hoggins,
>
> On 12.12.2016 14:47, Hoggins! wrote:
>> How could I achieve this?
> Not like how you tried.
> You either need to build a route based IPsec tunnel and then do policy based routing
> or use policy based ipsec, as you already do, together with marks and some iptables rules that mark traffic.
> The details are up to you to find out.

I... guess I would know how to do it, but pardon me, I couldn't find
what I need on the vast Internetz. I know how to mark packets and to
route them accordingly, but I might be missing something here, because
I'm still stuck at a point where iproute tells me that the remote
network is unreachable.

I know you're not here to provide a bunch of commands to help me get
started, but maybe just a "recipe"? Something like "first, mark your
packets coming from blah and using bleh, then add a rule to handle
these, then... etc."

The thing is that I looked at the archives of this list and I found a
schema that you provided, showing the whole netfilter chains with IPSec
in the middle... but even then, I'm not sure I can successfully use that
information.

Thanks anyway!

    Hoggins!
