[strongSwan] Routing all traffic based on a virtual IP to a different virtual IP

joekokker at epios.eu joekokker at epios.eu
Wed Jan 23 00:15:12 CET 2019

Dear all,

I am trying to solve a specific routing scenario with computers 
connected with strongswan. The setup is with virtual IPs in the range.

Computer A (behind NAT) --> Gateway (public IP and assigned address) --> Computer B (behind NAT) --> Internet 
of Computer B

Computer C (behind NAT) --> Gateway (public IP and assigned address) --> Computer D (behind NAT) --> Internet 
of Computer D

I want to be able to access the internet of computer B or D by computer 
A and C. Forwarding is enabled on the gateway and the computers can 
individually reach each other. The entire traffic from a specific IP 
(e.g. should be forwarded by the gateway to another 
destination (e.g. were masquerading occurs.

I tried with the Multi-ISP scenario of Shorewall, which I am using, but 
it did not work. It somehow needs to be able to get the MAC address of 
the router it should forward to (computer B and D).

I also tried to directly modify the routing table as follows:

echo 200 COMPA >> /etc/iproute2/rt_tables
ip route add dev eth0 table COMPA
ip route add default via table COMPA

#Then the rules to select the route table based on the source address:
ip rule add from dev eth0 table COMPA

Unfortunately this leads to no success. The packages arrive at the 
gateway but are not forwarded. However the 'ip route from to' shows that the traffic should go through the gateway

The computers are connected to the gateway as hosts. No subnet was 
specified. But I cannot imagine defining a leftsubnet of, on 
multiple computers reaching the gateway.

I am not sure which direction I should go now. I would be really happy 
if someone could tell me how I can go on. I did not include the configs, 
because to me it seems just like a routing issue.

Thanks in advance!


More information about the Users mailing list