[strongSwan] Help: Issue with routing internet traffic through tunnel

Harikrishna Patnala harikrishna.patnala at accelerite.com
Tue May 7 10:22:25 CEST 2019


Hi all,

We want to send all the traffic (including internet traffic) from Site A clients through the tunnel to Site B. Now Site B should forward it to the internet and send the response back to Site A.

Site A subnet : 10.1.0.0/24
Site B subnet : 10.2.0.0/24

[Site A client]  ===internet_traffic===>  [Site A router]  ===internet_traffic===>  ||   TUNNEL   ||  ===internet_traffic===> [Site B router]  ===internet_traffic===> [WEBSITES]

I have configured Site A’s right subnet with the 0.0.0.0/0 subnet, and the internet traffic is sent to Site B through the tunnel.

I can see packets (ICMP echo request in the log below) coming to Site B's router, but there is no reply packet.

06:46:17.970356 IP 10.147.30.243 > 10.147.30.244: ESP(spi=0xce80ace9,seq=0x3a), length 132
06:46:17.970356 IP 10.1.0.5 > 8.8.8.8: ICMP echo request, id 30485, seq 9, length 64

I suspect that IPsec is not forwarding the packets from Site B. Can you please suggest a way to forward traffic to the internet using IPsec?

Regards,
Harikrishna