[strongSwan] Force a Linux process to route all traffic through IPsec tunnel

Artyom Aleksyuk artyom.h31 at gmail.com
Sun Jun 26 21:55:20 CEST 2016


Hi Sridhar,
Yes, the remote currently acts as a road warrior. If there are any good solutions
that require my network to have another topology - feel free to suggest
your thoughts :) Note that the remote has the same IP address all the time
and is always connected.
I have a similar idea about a GRE tunnel. For example, make a GRE tunnel
within a dedicated network namespace and put the process into this
namespace. However, maybe there's something more elegant? For example,
using iptables to mark packets and make custom routes.

2016-06-26 21:04 GMT+03:00 pothuganti sridhar <pothuganti.sridhar at gmail.com>:

> Hi,
>
> I have one question. Is your deployment like Server <-> Road warrior Client,
> or normal site-to-site?
> But as per your explanation, your remote looks to be a road warrior
> client. In this deployment, only the traffic destined to VIP of road
> warrior client is encrypted and will be sent to the remote. If you want to
> route your internet traffic through remote road warrior client, you need to
> establish one more tunnel like GRE in the IPSec tunnel. You need to
> encapsulate your IP traffic into the GRE and then into the IPSec tunnel.
> This might be a probable option for your case.
>
> Regards,
> Sridhar
>
> On Sun, Jun 26, 2016 at 9:14 PM, Artyom Aleksyuk <artyom.h31 at gmail.com>
> wrote:
>
>> Hello.
>> I have an IPsec server running strongSwan which allows several remote
>> machines to access a local network (via FARP and DHCP plugins).
>> Also I have a remote machine with an IPsec client (strongSwan too).
>> I want to force one of the processes running on the IPsec server machine
>> to route all its traffic through the IPsec client. It's still allowed to
>> access other machines in the LAN, but Internet traffic should go only
>> through the client.
>> How can I do this? The server runs Linux kernel version 3.10.