[strongSwan] Road warriors and site-to-site ping each other
Noel Kuntze
noel at familie-kuntze.de
Mon Mar 13 17:39:47 CET 2017
On 12.03.2017 19:05, Hoggins! wrote:
> Now I want to have road warriors connected on gateway B. That's cool
> : they get a dynamic IP address on 192.168.22.0/24 and they can talk to
> hosts on 192.168.55.0/24. Great.

TL;DR:
Use a different subnet.

Long story:
You've got conflicting subnets which you can't easily solve, because
the TS is (Site A) 192.168.22.0/24 == 192.168.55.0/24 (B)
and the roadwarrior's conflicting subnet is 192.168.22.0/24.

The TS of the tunnel does not permit transmission of packets from site B to site A
where the destination and source are in 192.168.22.0/24.

Hosts on site A wouldn't be able to figure out if a host in 192.168.22.0/24
is on the link (and deliver the packet locally by directly addressing the host on
layer two) or reachable over gw A.

gw A wouldn't know what host in 192.168.22.0/24 is local and which
is attached to site B via a roadwarrior connection.

--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
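
Added example, not part of the original message or of strongSwan: a small Python check of the overlap described above, using the subnets from the thread. The site labels, function names and the 192.168.22.0/23 search range are assumptions made up for illustration.

```python
import ipaddress

# Subnets from the thread; the names are labels made up for this example.
ROUTED = {
    "site A": ipaddress.ip_network("192.168.22.0/24"),
    "site B": ipaddress.ip_network("192.168.55.0/24"),
}
RW_POOL = ipaddress.ip_network("192.168.22.0/24")  # roadwarrior pool on gateway B


def find_conflicts(pool, routed=ROUTED):
    """Names of routed subnets that share addresses with the pool."""
    return [name for name, net in routed.items() if pool.overlaps(net)]


def delivery_candidates(dst, pool, routed=ROUTED):
    """Every place a host at site A could expect dst to live."""
    dst = ipaddress.ip_address(dst)
    found = []
    if dst in routed["site A"]:
        found.append("on-link at site A")
    if dst in routed["site B"]:
        found.append("site B via tunnel")
    if dst in pool:
        found.append("roadwarrior behind gw B")
    return found


def suggest_pool(search_space, prefixlen, routed=ROUTED):
    """First subnet of the requested size that overlaps no routed subnet."""
    for candidate in search_space.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(net) for net in routed.values()):
            return candidate
    return None


if __name__ == "__main__":
    print("pool conflicts with:", find_conflicts(RW_POOL))
    print("192.168.22.50 ->", delivery_candidates("192.168.22.50", RW_POOL))
    # Constructed search range; substitute a range that is unused in the network.
    new_pool = suggest_pool(ipaddress.ip_network("192.168.22.0/23"), 24)
    print("suggested pool:", new_pool)
    print("192.168.23.50 ->", delivery_candidates("192.168.23.50", new_pool))
```

More than one delivery candidate for an address is the ambiguity the message describes; a pool that overlaps no routed subnet yields exactly one.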