[strongSwan] Road warriors and site-to-site ping each other

Hoggins! hoggins at radiom.fr
Sun Mar 12 19:05:23 CET 2017


Hello list,

I got a question, not sure if I can do what I want, if it's ever doable.
Please be kind.

*TL;DR :* got a site2site tunnel between gateway A and gateway B, works
great. I would like to have road warriors connected to gateway B, and be
able to speak with hosts located behind gateway A.


So here's the thing :
    My gateway A (local address 192.168.22.10, subnet to connect is
192.168.22.0/24) connects to gateway B (local address 192.168.55.111,
subnet is 192.168.55.0/24) and establishes a site2site tunnel. Any host
on 192.168.22.0/24 can talk to any other one on 192.168.55.0/24 and vice
versa. You will tell me that's the expected behavior. Thank you.
    Now I want to have road warriors connected on gateway B. That's cool:
they get a dynamic IP address on 192.168.22.0/24 and they can talk to
hosts on 192.168.55.0/24. Great.

    The problem is that when I try to make roadwarrior X (with IP
address 192.168.22.2) talk to 192.168.22.10, I get no answer. My guess
is that 192.168.22.10 does not know where to answer, as its default
route to 192.168.22.0/24 is on a real physical interface, so it might be
trying to answer on this link rather than inside the tunnel.

    Or could it be gateway B that is somehow blocking my traffic ?

I think I need your help on :
    - seeing if what I want to achieve is possible with the addressing I
chose
    - if yes, finding diagnostic methods to find where my problem is

One important thing to note is that I have no control over the exact
configuration of gateway B, it is provided "as is" by a third party, and
might not even be a strongSwan implementation.

Thank you for your help.

    Hoggins!
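
Added example, not part of the original post: a simplified Python model of the routing guess in the message above. It checks whether the road-warrior pool overlaps the subnet behind gateway A and shows which route a plain longest-prefix lookup on gateway A picks for a reply to 192.168.22.2. The routing table, interface names, next hop and the alternative pool 10.99.0.0/24 are constructed assumptions, and IPsec policy handling is not modelled.

```python
import ipaddress

# Constructed routing table for gateway A (192.168.22.10). Interface names
# and the default next hop are assumptions, not taken from the post.
ROUTES_GATEWAY_A = [
    ("192.168.22.0/24", "eth0", "on-link"),
    ("0.0.0.0/0", "eth1", "via 203.0.113.1"),
]

def lookup(routes, dst):
    """Longest-prefix match: return (network, device, how) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, how in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, how)
    return best

def overlapping(pool, subnets):
    """Return the subnets that overlap the road-warrior address pool."""
    pool_net = ipaddress.ip_network(pool)
    return [s for s in subnets if ipaddress.ip_network(s).overlaps(pool_net)]

def reply_path(routes, dst):
    """Describe where a plain route lookup sends a reply addressed to dst."""
    hit = lookup(routes, dst)
    if hit is None:
        return f"{dst}: no route"
    net, dev, how = hit
    return f"{dst}: {net} dev {dev} ({how})"

if __name__ == "__main__":
    site_subnets = ["192.168.22.0/24", "192.168.55.0/24"]
    # Pool from the post: road warriors get addresses in 192.168.22.0/24.
    print("overlap:", overlapping("192.168.22.0/24", site_subnets))
    print(reply_path(ROUTES_GATEWAY_A, "192.168.22.2"))
    # Constructed alternative pool that overlaps neither site.
    print("overlap:", overlapping("10.99.0.0/24", site_subnets))
    print(reply_path(ROUTES_GATEWAY_A, "10.99.0.2"))
```

In this model the reply to 192.168.22.2 matches the on-link /24 on the physical interface, while a pool that overlaps neither site falls through to the default route.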

