[strongSwan] How to protect all traffic using strongswan?
saratvajrapu1 at gmail.com
Fri Jul 22 13:44:27 CEST 2016
Any inputs on this would be appreciated.
On Mon 11 Jul, 2016, 9:40 PM Sarat Vajrapu, <saratvajrapu1 at gmail.com> wrote:
> Hi All,
> Can you please provide inputs on this?
> On Tue, Jul 5, 2016 at 5:40 PM, Sarat Vajrapu <saratvajrapu1 at gmail.com>
>> Hi All,
>> I am new to strongswan and trying to protect host-host traffic using
>> ipsec tunnel mode. However I observe that only the traffic between
>> endpoints are protected and not complete traffic.
>> *Strongswan Version*: Linux strongSwan U5.3.2/K3.12.19-rt30
>> <<<<<LAN1>>>> ------- GW_A <---------- internet---------------> GW_B
>> -------------------- <<<<<LAN2>>>>>>
>> To protect all traffic from LAN1 to LAN2 and vice versa. LAN<> can have
>> many subnets.
>> *Current setup:*
>> I brought a IPsec with tunnel mode between GW_A and GW_B.
>> My understanding is that when tunnel mode is enabled, the LAN traffic
>> will be protected by adding outer headers(GW_A, GW_B) but I see that the
>> LAN traffic is going in cleartext. The traffic with only
>> <src:GW_A,dst:GW_B> and vice versa are protected.
>> As there are many subnets and they are dynamic, its not feasible to
>> configure many left/right subnets.
>> Can you please help me with this - any config addition/any change in
>> routing table?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users