[strongSwan] IPSEC remote access routing

Noel Kuntze noel at familie-kuntze.de
Mon Jan 30 00:26:32 CET 2017


On 29.01.2017 22:23, Dusan Ilic wrote:
> The following is my Strongswan servers routing table (default routes).
> 
>         nexthop via 90.225.x.x  dev vlan845 weight 1
>         nexthop via 10.248.x.x  dev ppp1 weight 256
>         nexthop via 85.24.x.x  dev vlan847 weight 1
>         nexthop via 46.195.x.x  dev ppp0 weight 1

Please don't replace IPs with the useless text "nexthop".
If you replace them, replace them with values that make sense.

> Strongswan listens on vlan847, so that's where the remote access clients are connecting, and their internet traffic is also going out that interface, despite ppp1 having the highest priority. Every LAN client on the Strongswan network is primarily using ppp1, so the routing does work locally, but not for the VPN clients.

What's in table 220? The kernel handles the traffic, so it has to obey the routing rules and tables. Maybe disable the installation of routes in strongswan.conf, if there are routes in table 220 and you don't need them. Remove parts you don't necessarily need.
You need to take a look at your iptables and routing rules, if you use policy based routing.


-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
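
Added illustration, not part of the original message and not strongSwan code: a small Python model of Linux policy routing that shows why the contents of table 220 decide where traffic leaves before the main table is ever consulted. Rule priority 220 and table 220 are strongSwan's defaults; the addresses, the 10.10.10.0/24 client pool, `br0` and all table contents are constructed assumptions.

```python
import ipaddress

# Constructed sample state (documentation/private addresses, not from the thread).
# Mirrors `ip rule show`: (priority, source selector, table).
RULES = [
    (0, "0.0.0.0/0", "local"),
    (220, "0.0.0.0/0", "220"),       # strongSwan's default rule priority and table
    (32766, "0.0.0.0/0", "main"),
]
# Mirrors `ip route show table <name>`: (destination prefix, device).
TABLES = {
    "local": [("192.0.2.1/32", "lo")],
    "220": [("10.10.10.0/24", "vlan847")],   # assumed: route to the VPN client pool
    "main": [("0.0.0.0/0", "ppp1"), ("192.168.1.0/24", "br0")],
}

def lookup(src, dst, rules=RULES, tables=TABLES):
    """Walk rules in priority order; the first table with a matching route wins.

    Returns (table, prefix, dev), or None when no table has a route.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src_ip not in ipaddress.ip_network(selector):
            continue  # rule does not apply to this source
        matches = [(ipaddress.ip_network(p), dev)
                   for p, dev in tables.get(table, [])
                   if dst_ip in ipaddress.ip_network(p)]
        if matches:
            # Longest prefix match inside the selected table.
            net, dev = max(matches, key=lambda m: m[0].prefixlen)
            return table, str(net), dev
    return None

def shadowed_by_220(src, dst, tables=TABLES):
    """True when table 220 answers, so the main table is never consulted."""
    hit = lookup(src, dst, tables=tables)
    return hit is not None and hit[0] == "220"

if __name__ == "__main__":
    client, internet = "10.10.10.5", "198.51.100.7"
    print("pool route only:", lookup(client, internet))
    # Hypothetical broader route in table 220: it now overrides main's default.
    broad = dict(TABLES, **{"220": [("0.0.0.0/0", "vlan847")]})
    print("broad route in 220:", lookup(client, internet, tables=broad))
```

On a real gateway the inputs to compare against are `ip rule show` and `ip route show table 220`.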

