[strongSwan] How to protect all traffic using strongswan?

Sarat Vajrapu saratvajrapu1 at gmail.com
Fri Jul 22 13:44:27 CEST 2016


Hi,

Any inputs on this would be appreciated.

Regards,
Sarat

On Mon 11 Jul, 2016, 9:40 PM Sarat Vajrapu, <saratvajrapu1 at gmail.com> wrote:

> Hi All,
>
> Can you please provide inputs on this?
>
> Regards,
> Sarat
>
> On Tue, Jul 5, 2016 at 5:40 PM, Sarat Vajrapu <saratvajrapu1 at gmail.com>
> wrote:
>
>> Hi All,
>>
>> I am new to strongswan and trying to protect host-host traffic using
>> ipsec tunnel mode. However, I observe that only the traffic between
>> endpoints is protected and not the complete traffic.
>>
>> *Strongswan Version*: Linux strongSwan U5.3.2/K3.12.19-rt30
>>
>> *Topology*:
>>
>> <<<<<LAN1>>>> ------- GW_A <---------- internet ---------------> GW_B -------------------- <<<<<LAN2>>>>>>
>>
>>
>> *Requirement:*
>> To protect all traffic from LAN1 to LAN2 and vice versa. LAN<> can have
>> many subnets.
>>
>> *Current setup:*
>> I brought an IPsec with tunnel mode between GW_A and GW_B.
>> My understanding is that when tunnel mode is enabled, the LAN traffic
>> will be protected by adding outer headers (GW_A, GW_B), but I see that the
>> LAN traffic is going in cleartext. Only the traffic with
>> <src:GW_A,dst:GW_B> and vice versa is protected.
>> As there are many subnets and they are dynamic, it's not feasible to
>> configure many left/right subnets.
>>
>> Can you please help me with this - any config addition/any change in
>> routing table?
>>
>> Regards,
>> Sarat
>>
>
>