[strongSwan] IPSec traffic encryption in one subnet

Václav Dokoupil vaclav.dokoupil at gatema.cz
Tue Jun 25 19:15:15 CEST 2019


Hi,

I am trying to run an IPSec connection between two devices connected via a microwave link within one network. The devices have a bridge between the rj45 and eth2 interfaces, as shown in the diagram, and this bridge has the address 10.255.0.xxx. Currently I'm in a situation where traffic is secured only for communication between the devices (e.g. ping from one to another), but any other traffic which is not for the devices is unsecured (e.g. ping from the network to the laptop). Since I don't have much knowledge in this area, I tried almost everything I found (modifying iptables for FORWARD or POSTROUTE etc.).

Thank you for your help,

Vaclav Dokoupil