[strongSwan] Routing

Jafar Al-Gharaibeh jafar at atcorp.com
Fri Jul 27 00:00:26 CEST 2018


Chris,

    Your server is connected to two subnets; one of them has the default 
gateway through eth0 (in the direction of your clients). When you add a 
new route for 10.0.0.0/20 through eth1, then all 10.0.0.0/20 traffic is 
going to go through that interface, including 10.0.0.0/22, since the 
latter is a subset of the former. You still have a default gateway 
through eth0, but the route you add is going to be selected for 
10.0.0.0/22 since it is more specific (preferred by the kernel) than the 
default route. You either narrow down the route you add or just add a 
new route to force 10.0.0.0/22 to still go through eth0. Using iproute2 
commands, here is what I'd do:


ip route add 10.0.0.0/22 dev eth0 via 172.31.0.1

ip route add 10.0.0.0/20 dev eth1 via 172.31.80.1


--Jafar



On 07/26/2018 01:45 PM, Christian Salway wrote:
> I'm having trouble getting routing to work.
>
> I have the following setup
>
> 10.0.0.0/22 (clients)  >> 35.178.182.221 (aws elastic ip) >> | 172.31.0.17 (eth0)  > 172.31.92.251 (eth1) |  >> 10.0.0.0/20 (remote network)
>
>
> $ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         172.31.0.1      0.0.0.0         UG    0      0        0 eth0
> 172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0
> 172.31.80.0     0.0.0.0         255.255.240.0   U     0      0        0 eth1
>
>
> If I add the following route manually, it allows me to connect from 
> the server, but I can't get clients to route through.
>
> route add -net 10.0.0.0/20 gateway 172.31.80.1 eth1
>
> $ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         172.31.0.1      0.0.0.0         UG    0      0        0 eth0
> 10.0.0.0        172.31.80.1     255.255.240.0   UG    0      0        0 eth1
> 172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0
> 172.31.80.0     0.0.0.0         255.255.240.0   U     0      0        0 eth1
>
> What am I missing??
>
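
The longest-prefix selection described in the reply, modelled over the routing tables quoted in this thread. This is an added example, not part of the original messages; the sample addresses 10.0.1.5 and 10.0.8.9 and the helper names are constructed for illustration, and route metrics are ignored because every entry in the thread has metric 0.

```python
import ipaddress

# Routes from the thread as (destination, gateway, interface); None = on-link.
BASE = [
    ("0.0.0.0/0", "172.31.0.1", "eth0"),
    ("172.31.0.0/20", None, "eth0"),
    ("172.31.80.0/20", None, "eth1"),
]
REMOTE_20 = ("10.0.0.0/20", "172.31.80.1", "eth1")   # route added in the question
CLIENTS_22 = ("10.0.0.0/22", "172.31.0.1", "eth0")   # route suggested in the reply


def lookup(table, address):
    """Return the matching route with the longest prefix (most specific wins)."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        raise LookupError(f"no route to {address}")
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def egress(table, address):
    """Interface selected for this destination address."""
    return lookup(table, address)[2]


if __name__ == "__main__":
    client, remote = "10.0.1.5", "10.0.8.9"  # constructed sample addresses
    tables = [
        ("original table", BASE),
        ("with 10.0.0.0/20 via eth1", BASE + [REMOTE_20]),
        ("with both routes", BASE + [REMOTE_20, CLIENTS_22]),
    ]
    for name, table in tables:
        print(f"{name}: client {client} -> {egress(table, client)}, "
              f"remote {remote} -> {egress(table, remote)}")
```

Because the client and remote ranges overlap, the /22 route also captures any remote host numbered inside 10.0.0.0/22; only remote addresses from 10.0.4.0 to 10.0.15.255 still leave through eth1.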
