[strongSwan] How to protect all traffic using strongswan?
saratvajrapu1 at gmail.com
Mon Jul 11 18:10:35 CEST 2016
Can you please provide inputs on this?
On Tue, Jul 5, 2016 at 5:40 PM, Sarat Vajrapu <saratvajrapu1 at gmail.com>
> Hi All,
> I am new to strongswan and trying to protect host-host traffic using IPsec
> tunnel mode. However, I observe that only the traffic between the endpoints
> is protected and not the complete traffic.
> *Strongswan Version*: Linux strongSwan U5.3.2/K3.12.19-rt30
> <<<<<LAN1>>>> ------- GW_A <---------- internet ---------------> GW_B -------------------- <<<<<LAN2>>>>>>
> To protect all traffic from LAN1 to LAN2 and vice versa. LAN<> can have
> many subnets.
> *Current setup:*
> I brought an IPsec with tunnel mode between GW_A and GW_B.
> My understanding is that when tunnel mode is enabled, the LAN traffic will
> be protected by adding outer headers (GW_A, GW_B), but I see that the LAN
> traffic is going in cleartext. Only the traffic with <src:GW_A,dst:GW_B>
> and vice versa is protected.
> As there are many subnets and they are dynamic, it's not feasible to
> configure many left/right subnets.
> Can you please help me with this - any config addition/any change in
> routing table?
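
The behaviour described in the quoted message matches a connection defined without `leftsubnet`/`rightsubnet`. The following ipsec.conf sketch is an added example, not part of the original post or the poster's actual configuration, which is not shown. It puts that assumed starting point beside a variant that covers the LANs. All addresses, prefixes and connection names are constructed placeholders, and pre-shared-key authentication is assumed.

```conf
# /etc/ipsec.conf on GW_A (swap left/right values on GW_B).
# Addresses are constructed: 192.0.2.1 = GW_A, 198.51.100.1 = GW_B.
# authby=secret assumes a matching PSK entry in ipsec.secrets.

# Assumed starting point: no leftsubnet/rightsubnet.
# An omitted subnet defaults to the gateway's own address (/32), so the
# negotiated traffic selectors cover only GW_A <-> GW_B. Tunnel mode is
# in use, but packets between LAN hosts match no IPsec policy and are
# forwarded in cleartext.
conn gw-to-gw
    keyexchange=ikev2
    type=tunnel
    left=192.0.2.1
    right=198.51.100.1
    authby=secret
    auto=start

# Variant that protects LAN traffic: declare the networks behind each
# gateway. One covering prefix per site (constructed here as 10.1.0.0/16
# for LAN1 and 10.2.0.0/16 for LAN2) avoids listing every subnet, as long
# as new subnets are allocated inside it. With IKEv2 a comma-separated
# list of prefixes is also accepted.
conn lan1-to-lan2
    keyexchange=ikev2
    type=tunnel
    left=192.0.2.1
    leftsubnet=10.1.0.0/16
    right=198.51.100.1
    rightsubnet=10.2.0.0/16
    authby=secret
    auto=start
```

After reloading, `ipsec statusall` and `ip xfrm policy` on each gateway show the negotiated selectors; a packet is encapsulated only when its source and destination fall inside them.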