[strongSwan] L2TP/IPSec Passthrough - Interfaces?

Tom Rymes trymes at rymes.com
Fri Jun 2 21:12:42 CEST 2017


We are running strongSwan as part of an IPFire router distribution. 
strongSwan handles multiple tunnels via the WAN interface, and that 
interface has multiple public IPs associated with it.

We are also trying to pass L2TP/IPSec through the router to a Windows 
RRAS server for the purpose of establishing roadwarrior-type VPN 
connections to one of the other IP Addresses.

Currently, this is not working, and it seems that it is because 
strongSwan is trying to handle the IPSec traffic, instead of passing it 
through to the Windows server.

After digging through the docs a little, it looks to me like we need to 
specify the "charon.interfaces_use" directive in the configuration to 
limit strongSwan to only one of the configured IP addresses.

Does that make sense?

Tom

