Sarat Vajrapu saratvajrapu1 at gmail.com
Tue Jul 5 14:10:43 CEST 2016

Hi All,

I am new to strongSwan and trying to protect host-to-host traffic using IPsec
tunnel mode. However, I observe that only the traffic between the endpoints is
protected and not the complete traffic.

*Strongswan Version*: Linux strongSwan U5.3.2/K3.12.19-rt30


<<<<<LAN1>>>>> ------- GW_A <---------- internet ---------------> GW_B -------------------- <<<<<LAN2>>>>>

The goal is to protect all traffic from LAN1 to LAN2 and vice versa. Each LAN can have
many subnets.

*Current setup:*
I brought up an IPsec connection in tunnel mode between GW_A and GW_B.
My understanding is that when tunnel mode is enabled, the LAN traffic will
be protected by adding outer headers (GW_A, GW_B), but I see that the LAN
traffic is going in cleartext. Only the traffic with <src:GW_A, dst:GW_B>
and vice versa is protected.
As there are many subnets and they are dynamic, it's not feasible to
configure many left/right subnets.

Can you please help me with this - any config addition or any change in the
routing table?


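An added example, not from the original mail or from the strongSwan project, contrasting an ipsec.conf conn that produces the behaviour described above (only gateway-to-gateway packets protected) with one whose traffic selectors cover the LAN prefixes; all addresses, identities and prefixes are constructed placeholders.

```ini
# ipsec.conf on GW_A (GW_B mirrors it with left/right swapped).
# Addresses and prefixes below are constructed placeholders.

# BEFORE: no leftsubnet/rightsubnet. strongSwan then defaults the traffic
# selectors to the gateway addresses themselves (left/32 <-> right/32), so
# only GW_A <-> GW_B packets match the installed IPsec policy; packets
# forwarded between LAN1 and LAN2 match no policy and leave in cleartext.
conn lan1-lan2-hosts-only
    left=203.0.113.1
    right=198.51.100.1
    leftid=@gw-a.example
    rightid=@gw-b.example
    authby=secret
    keyexchange=ikev2
    type=tunnel
    auto=start

# AFTER: the traffic selectors name the LAN prefixes behind each gateway.
# Several prefixes can be listed comma-separated in one conn, so a new subnet
# is one more entry here rather than a whole new conn section.
# A 0.0.0.0/0 selector is also accepted, but it then matches every packet the
# gateway forwards, so the routes charon installs must be checked carefully.
conn lan1-lan2
    left=203.0.113.1
    leftsubnet=10.1.0.0/16,10.2.0.0/16
    right=198.51.100.1
    rightsubnet=10.3.0.0/16,10.4.0.0/16
    leftid=@gw-a.example
    rightid=@gw-b.example
    authby=secret
    keyexchange=ikev2
    type=tunnel
    auto=start
```

`ip xfrm policy` on the gateway lists the selectors actually installed in the kernel; with the first conn only the /32 pair appears, which is a quick way to confirm why LAN traffic bypasses the tunnel.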