[strongSwan] IPSEC remote access routing

Dusan Ilic dusan at comhem.se
Sun Jan 29 22:23:08 CET 2017

On 2017-01-29 22:14, Noel Kuntze wrote:
> On 28.01.2017 17:40, Dusan Ilic wrote:
>> Why doesn't the VPN clients' traffic respect the strongSwan server's routing table?
> You might be hitting a bug in an older version. If you use something older than 5.5.0, upgrade.
I'm using 5.5.0.

The following is my strongSwan server's routing table (default routes).

         nexthop via 90.225.x.x  dev vlan845 weight 1
         nexthop via 10.248.x.x  dev ppp1 weight 256
         nexthop via 85.24.x.x  dev vlan847 weight 1
         nexthop via 46.195.x.x  dev ppp0 weight 1

strongSwan listens on vlan847, so that's where the remote access clients 
are connecting, and their internet traffic is also going out that 
interface, despite ppp1 having the highest priority. Every LAN client on 
the strongSwan network is primarily using ppp1, so the routing does work 
locally, but not for the VPN clients.
