[strongSwan] How to protect all traffic using strongswan?
mirko.parthey at web.de
Mon Jul 25 15:09:24 CEST 2016
On Mon, Jul 25, 2016 at 03:25:24PM +0530, Sarat Vajrapu wrote:
> Hi Mirko,
> Thanks for the reply.
> I created loopback interface on each gateway and below is the required info:
Thank you for posting your configuration.
Please take a look at this example:
It could be a starting point for you to arrive at a working setup.
But it may not work in your environment because you have an unusual
network configuration, which we need to understand first.
That's why I would like to ask you a few more questions.
Where would the machine with IP address 10.1.1.1 be located in your diagram?
I don't see any public IP addresses on your gateways, how do they connect
to the internet?
When a host on LAN1 communicates with the public internet in cleartext,
is this traffic guaranteed to go through Gateway A?
How about communication from LAN1 to LAN2, is it guaranteed to go through
Do these kinds of traffic enter and leave Gateway A through the same
> LAN<> can have many subnets.
Are there any routers between LAN1 and Gateway A,
or between LAN2 and Gateway B?
Can you provide examples of the IP address ranges used in LAN1 and LAN2?
Please provide the output of:
# ip address show
# ip route list
for gateways A and B and for an example host each on LAN1 and LAN2.
> GW_A#ping -I 126.96.36.199 188.8.131.52
> PING 184.108.40.206 (220.127.116.11) from 18.104.22.168 : 56(84) bytes of data.
> 64 bytes from 22.214.171.124: icmp_seq=1 ttl=64 time=1.42 ms
> 64 bytes from 126.96.36.199: icmp_seq=2 ttl=64 time=0.257 ms
> 64 bytes from 188.8.131.52: icmp_seq=3 ttl=64 time=0.271 ms
For testing your tunnel, please use hosts on LAN1 and LAN2 separate from
This ensures you test what you intended and not something else.
If you don't need the 184.108.40.206 and 220.127.116.11 addresses for other purposes,
please remove them and restore your previous loopback config.
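The questions above about whether LAN1-to-internet and LAN1-to-LAN2 traffic is guaranteed to pass through a given gateway can be answered from the requested `ip route list` output. The following script is an added example (not part of the mailing list thread and not strongSwan code): it parses `ip route list` text, performs longest-prefix matching for a destination address, and reports the outgoing interface and next hop, so the route each kind of traffic takes can be checked before the IPsec policy is debugged. The routing table below is constructed sample data; the interface names and addresses are assumptions, not values from the thread.

```python
import ipaddress

# Constructed sample output in the format of `ip route list`, for a gateway
# with LAN1 (10.1.1.0/24) on eth1 and an upstream router 192.0.2.1 on eth0.
# These values are assumed for illustration, not taken from the thread.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
10.1.1.0/24 dev eth1 proto kernel scope link src 10.1.1.254
10.2.2.0/24 via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
"""


def parse_routes(text):
    """Parse `ip route list` output into (network, attributes) tuples.

    The first field is the destination ("default", "a.b.c.d/len" or a bare
    host address, which the kernel prints without a prefix length). The
    remaining fields are key/value pairs; only via, dev and src are kept.
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = fields[0]
        if dst == "default":
            network = ipaddress.ip_network("0.0.0.0/0")
        else:
            # strict=False tolerates host bits being set; a bare host becomes /32.
            network = ipaddress.ip_network(dst, strict=False)
        attrs = {}
        for key in ("via", "dev", "src"):
            if key in fields:
                attrs[key] = fields[fields.index(key) + 1]
        routes.append((network, attrs))
    return routes


def lookup(routes, destination):
    """Return the most specific matching (network, attrs), or None.

    Mirrors the kernel's longest-prefix match; metrics and policy routing
    tables are deliberately ignored, so compare against `ip route get`
    on the real host if those are in use.
    """
    addr = ipaddress.ip_address(destination)
    best = None
    for network, attrs in routes:
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, attrs)
    return best


def next_hop(routes, destination):
    """Return (interface, gateway) for a destination; gateway is None when
    the destination is directly connected. Returns None if unroutable."""
    match = lookup(routes, destination)
    if match is None:
        return None
    _, attrs = match
    return attrs.get("dev"), attrs.get("via")


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    # One LAN1 host, one LAN2 host and one public address, as in the
    # questions above; the addresses are constructed examples.
    for dst in ("10.1.1.7", "10.2.2.5", "198.51.100.9"):
        dev, via = next_hop(routes, dst)
        hop = via if via else "directly connected"
        print(f"{dst:>14} -> dev {dev}, next hop {hop}")
```

Run it on each gateway's saved `ip route list` output by replacing SAMPLE_ROUTES with the real text; if a LAN2 destination resolves to a different interface or next hop than the one the tunnel's traffic selectors assume, that explains why the traffic is not being protected.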