[strongSwan] Net-to-Net wrong source IP of VPN server.
Lukas Hejmal
lukas at hejmal.eu
Mon May 2 10:54:51 CEST 2016
Hello Tobias,
thanks for the reply. The route is indeed installed, but it is:
# ip route list table 220
192.168.1.0/24 via 1.2.3.1 dev eth0.2 proto static src 1.2.3.4
#
where 1.2.3.4 is a locally attached, publicly reachable IP address and
1.2.3.1 is the default gw for this public IP address. Therefore it is
sending all traffic for 192.168.1.0/24 via the internet and all delivery
fails as it is an internal subnet.
I would expect something like this there:
192.168.1.0/24 ... proto static src 192.168.2.1
On 5/2/2016 10:31, Tobias Brunner wrote:
> Hi Lukas,
>
>> Is there any
>> way(config in ipsec.config file or iptables rule) how can I force VPN_A
>> box to use source IP 192.168.2.1 each time it is sending traffic to
>> SUBNET_B (192.168.1.0/24)?
> Appropriate routes should get installed in routing table 220
> automatically (check with `ip route list table 220`). If that's not the
> case check the log for errors.
>
> Regards,
> Tobias
>
>
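An added example, not part of the thread and not strongSwan code: a small check over `ip route list table 220` output that flags routes whose `src` address lies outside the local protected subnet, which is the mismatch described in the message above. The subnet 192.168.2.0/24 and the second sample line are assumptions built from the addresses in the post.

```python
import ipaddress

# Constructed sample input. Line 1 is the route quoted in the message;
# line 2 is a constructed version of the route the poster expected
# (the gateway and device on it are assumptions).
SAMPLE = """\
192.168.1.0/24 via 1.2.3.1 dev eth0.2 proto static src 1.2.3.4
192.168.1.0/24 via 1.2.3.1 dev eth0.2 proto static src 192.168.2.1
"""


def parse_route(line):
    """Return (destination, src) for one `ip route` line; src is None if absent."""
    tokens = line.split()
    dest = tokens[0]
    src = None
    # Only accept "src" when a value follows it.
    if "src" in tokens[1:-1]:
        src = tokens[tokens.index("src", 1) + 1]
    return dest, src


def audit_table(output, local_subnet):
    """Return (destination, src, ok) per route.

    ok is True only when the route carries a src hint inside local_subnet,
    so traffic to the remote subnet leaves with an address the tunnel's
    traffic selectors would cover (assumption: local_subnet is the local
    side of the net-to-net tunnel).
    """
    net = ipaddress.ip_network(local_subnet)
    findings = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and shell prompts
            continue
        dest, src = parse_route(line)
        ok = src is not None and ipaddress.ip_address(src) in net
        findings.append((dest, src, ok))
    return findings


if __name__ == "__main__":
    for dest, src, ok in audit_table(SAMPLE, "192.168.2.0/24"):
        status = "ok" if ok else "src outside local subnet"
        print(f"{dest:18} src={src} {status}")
```

On a live gateway, the text passed to `audit_table` would be the captured output of `ip route list table 220`.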