[strongSwan] How to protect all traffic using strongswan?

Sarat Vajrapu saratvajrapu1 at gmail.com
Mon Jul 11 18:10:35 CEST 2016

Hi All,

Can you please provide inputs on this?


On Tue, Jul 5, 2016 at 5:40 PM, Sarat Vajrapu <saratvajrapu1 at gmail.com>

> Hi All,
> I am new to strongswan and trying to protect host-host traffic using ipsec
> tunnel mode. However I observe that only the traffic between endpoints are
> protected and not complete traffic.
> *Strongswan Version*: Linux strongSwan U5.3.2/K3.12.19-rt30
> *Topology*:
> <<<<<LAN1>>>> ------- GW_A <---------- internet---------------> GW_B
> -------------------- <<<<<LAN2>>>>>>
> *Requirement:*
> To protect all traffic from LAN1 to LAN2 and vice versa. LAN<> can have
> many subnets.
> *Current setup:*
> I brought a IPsec with tunnel mode between GW_A and GW_B.
> My understanding is that when tunnel mode is enabled, the LAN traffic will
> be protected by adding outer headers(GW_A, GW_B) but I see that the LAN
> traffic is going in cleartext. The traffic with only <src:GW_A,dst:GW_B>
> and vice versa are protected.
> As there are many subnets and they are dynamic, its not feasible to
> configure many left/right subnets.
> Can you please help me with this - any config addition/any change in
> routing table?
> Regards,
> Sarat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160711/d6c42a3c/attachment.html>

More information about the Users mailing list