[strongSwan] Routing traffic from veth pair to other veth pair in Namespace

Naveen Neelakanta naveen.b.neelakanta at gmail.com
Wed Mar 16 22:53:04 CET 2016


Hi All,

I would like to run strongSwan in a Linux namespace between veth pairs and
protect all the LAN to WAN traffic. I need some help in getting
routing between veth pairs of interfaces in the Linux namespace. I am
unable to route packets between two different veth pairs. I have the below
networking environment in my Linux VM. eth0 & eth1 are two physical
interfaces on the host; eth0 is used to access the internet and eth1 is
connected to the local LAN. I have a namespace TEST in the host, where I have
created two veth pairs of interfaces. One of the veth pairs (vlan0-vlan1) is
connected to eth1 to namespace TEST and another veth pair (vnet0-vnet1) is
connected to eth0. vlan1 and vnet1 are in the same namespace TEST. I want
to route packets from vlan1 and vnet1 inside the namespace; can this be
achieved? I have tried to add forwarding rules and iptables rules, but I
was not able to see packets from vlan1 in vnet1.

I have used ovswitch to pull all LAN packets from eth1 to vlan0. I have
also added an ovs rule to pull all the traffic from vnet0 to eth0.

These are the commands that I have used.

ip netns add TEST

ip netns delete TEST

ip netns exec TEST ip link set dev lo up

ip link add vlan0 type veth peer name vlan1

ip link set vlan1 netns TEST

ip netns exec TEST ifconfig vlan1 up 10.4.11.1

ifconfig vlan0 up

ip link add vnet0 type veth peer name vnet1

ip link set vnet1 netns TEST

ip netns exec TEST ifconfig vnet1 10.4.52.3 up

ifconfig vnet0 up

echo 1 > /proc/sys/net/ipv4/conf/vlan1/forwarding

iptables -A FORWARD -i vlan1 -o vnet1 -j ACCEPT

I see traffic on vlan1 but I can't forward traffic to vnet1.

Can we route traffic from one pair of veth to another pair of veth in a Linux
namespace?

Thanks,

Naveen
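
Added example, not part of the original message: a small checker that reads a list of setup commands and reports every command that names an interface after it was moved into a network namespace but does not run inside that namespace. Sysctl paths under /proc/sys/net and iptables rules are per namespace, so such commands act on the host instead. The function names sample_cmds and check_scope are hypothetical, and the input is the command list from the message, embedded as constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original message.

# Constructed input: the commands from the message, in the order posted.
sample_cmds() {
cat <<'EOF'
ip netns add TEST
ip netns delete TEST
ip netns exec TEST ip link set dev lo up
ip link add vlan0 type veth peer name vlan1
ip link set vlan1 netns TEST
ip netns exec TEST ifconfig vlan1 up 10.4.11.1
ifconfig vlan0 up
ip link add vnet0 type veth peer name vnet1
ip link set vnet1 netns TEST
ip netns exec TEST ifconfig vnet1 10.4.52.3 up
ifconfig vnet0 up
echo 1 > /proc/sys/net/ipv4/conf/vlan1/forwarding
iptables -A FORWARD -i vlan1 -o vnet1 -j ACCEPT
EOF
}

# check_scope: read commands on stdin and print one finding for each
# interface that is named by a command running outside the namespace the
# interface was moved into.
check_scope() {
awk '{
    # Namespace this command runs in; empty means the host namespace.
    ns = ""
    if ($1 == "ip" && $2 == "netns" && $3 == "exec") ns = $4
    # Split on blanks and "/" so names inside /proc/sys paths are seen.
    n = split($0, tok, "[ \t/]+")
    for (i = 1; i <= n; i++) {
        t = tok[i]
        if ((t in home) && home[t] != ns && !seen[NR, t]++)
            printf "line %d: %s lives in netns %s, command runs in %s\n",
                NR, t, home[t], (ns == "" ? "host" : "netns " ns)
    }
    # Record moves of the form: ip link set [dev] IFACE netns NAME
    for (i = 1; i + 2 <= NF; i++)
        if ($i == "link" && $(i + 1) == "set") {
            j = i + 2
            if ($j == "dev") j++
            if ($(j + 1) == "netns") home[$j] = $(j + 2)
        }
}'
}

sample_cmds | check_scope
```

The findings point at input lines 12 and 13, the /proc write and the iptables rule; run through `ip netns exec TEST`, the same commands apply in the namespace that holds vlan1 and vnet1.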