[strongSwan] Setup site-to-site VPN via central server

Martin Sand dborn at gmx.net
Fri Jul 8 23:18:36 CEST 2016

Hi all. I am searching the internet for days to find some information on 
how to setup a site-to-site VPN via a central server.
Maybe someone can point me in the right direction or to the right HowTo?

We have two home networks running on OpenWRT routers with dynamic IPs 
and I have a virtual server on the internet with Strongswan. 
Authentication is done via Certs/Keys. -- (gateway/nat) == vpn.example.org == (gateway/nat)--
vpn.example.org has a static ip address and a network card.

There are basically 2 separate questions:
1. Do I need to setup ip route on vpn.example.org?
2. What are the right iptables to route traffic from the two home 
networks to each other?

Maybe there are other solutions for this problem.
But since I did not find so many solutions on the Internet I am 
particular interested in this solution.
Alternatively I could use DynDNS on both gateways, but this would be too 
easy, wouldn't it?

Best regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160708/9c468697/attachment.html>

More information about the Users mailing list