[strongSwan] site to site vpn communicate with road warrior vpn

Ryan Bohn ryan at bohn.ca
Sat Mar 26 05:05:41 CET 2016


Hello,


I'm hoping someone can help me here.


I have a CentOS 7 Linux server running strongSwan 5.3.2. I have two site-to-site VPNs configured successfully with IKEv2 as well and passing data as desired between their respective subnets and the subnet behind the CentOS server.


CentOS server subnet (left side): 172.16.0.0/24


S2S 1 right subnet: 192.168.1.0/24

S2S 2 right subnet: 192.168.100.0/24


Additionally, I have a road warrior setup with IKEv2 with rightsourceip handing out an IP address dynamically to connecting clients. This is successfully working and I can connect to the subnet behind the CentOS server using this connection.


What I can't seem to be able to set up is the ability for the road warrior client VPN to be able to connect through the CentOS server to the two subnets on the far side of the two s2s connections. Leftfirewall is enabled for all connection settings and is creating the firewall rules.


The rightsourceip for the road warrior is set to 172.16.254.0/24 and it's handing out 172.16.254.1/32 to my client.


I've added the two subnets corresponding to the subnets on the far side of the s2s links to the leftsubnet of my road warrior config, and those tunnels do connect, but I can only communicate with the subnet behind the CentOS server, not the subnets behind the other side of the two s2s tunnels. Additionally, I added the 172.16.254.0/24 subnet on the leftsubnet of the two s2s connection configs. Those tunnels come up as well.


Any ideas?


Thanks.


Ryan