[strongSwan] IPSEC remote access routing
Dusan Ilic
dusan at comhem.se
Sun Jan 29 22:23:08 CET 2017
On 2017-01-29 22:14, Noel Kuntze wrote:
> On 28.01.2017 17:40, Dusan Ilic wrote:
>> Why doesnt the vpn clients traffic respect the Strongswan servers routing table?
> You might be hitting a bug in an older version. If you use something older than 5.5.0, upgrade.
>
I'm using 5.5.0.
The following is my Strongswan servers routing table (default routes).
nexthop via 90.225.x.x dev vlan845 weight 1
nexthop via 10.248.x.x dev ppp1 weight 256
nexthop via 85.24.x.x dev vlan847 weight 1
nexthop via 46.195.x.x dev ppp0 weight 1
Strongswan listens on vlan847 so that's where the remote access clients
are connecting, and also their internet traffic are going out that
interface, despite ppp1 has the highest priority. Every LAN-client on
the Strongswan network are primarily using ppp1, so the routing do work
locally, but not for the VPN-clients.
More information about the Users
mailing list