[strongSwan] Can't make routing work to pass Internet traffic
arab666 at protonmail.com
Mon May 7 06:11:25 CEST 2018
Thanks a lot, that seems a way. I already start creating intermediate routes on the server, traffic starts passing. It is not a convenient solution, but, at least, my task will be solved soon. ipip tunnel is an another option which I should look into, it even may be better to suit my needs. Thanks again, Phil!
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On May 6, 2018 10:52 PM, Phil Frost <phil at postmates.com> wrote:
> That's simply not how IP works. Without any special options, the IP header doesn't contain the path, but only the final destination. Nominally, the path is determined independently by each router deciding what the next hop is, and adjacent routers are on the same L2 network (which may be a point-to-point ethernet link of only two hosts, or in your case, a virtual one implemented as an IPsec tunnel.)
> The canonical solution would be to have a route on the server (10.10.1.1, I think it was?). Other ideas involve an ipip tunnel between the clients (10.10.3.1 and 10.10.2.1), or possibly you can do something with IP source routing options.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users