[strongSwan] Users Digest, Vol 126, Issue 9

Rizwan Saleem malik.chand at hotmail.com
Wed Jul 15 14:16:26 CEST 2020


Hi
I have stronswan 8.2 Roadwarrior Configurator it worked fine when I disabled SElinux
Is there anyway that the Strongswan run without disabling the SElinux.
Thanks 




     Rizwan Saleem 
    

> On 14 Jul 2020, at 1:00 PM, "users-request at lists.strongswan.org" <users-request at lists.strongswan.org> wrote:
> 
> ´╗┐Send Users mailing list submissions to
>    users at lists.strongswan.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://lists.strongswan.org/mailman/listinfo/users
> or, via email, send a message with subject or body 'help' to
>    users-request at lists.strongswan.org
> 
> You can reach the person managing the list at
>    users-owner at lists.strongswan.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Users digest..."
> 
> 
> Today's Topics:
> 
>   1. Mimic inner tunnel traffic (Roee Agami)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 13 Jul 2020 09:49:51 -0400
> From: Roee Agami <ragami at bluecedar.com>
> To: users at lists.strongswan.org
> Subject: [strongSwan] Mimic inner tunnel traffic
> Message-ID: <50F7AAAA-FD0E-4E14-A780-6992AD093D22 at bluecedar.com>
> Content-Type: text/plain;    charset=us-ascii
> 
> Hi,
> 
> For reachability testing purposes I would like to mimic inner tunnel traffic toward resources beyond the terminating GW.
> I read that I might be able to achieve that by setting some routing rules (table 220?).
> 
> When I establish an IPSec tunnel, on the GW I see the following (my VIP pool is 192.168.50.1 to .60 I believe):
> 
> 192.168.50.9 via 192.168.1.164 dev eth1 table 220 proto static 
> 
> eth1 is the side toward the initiator, eth0 is where the inner traffic usually flows too (behind the GW).
> 
> 1. Do you think that I should create a virtual interface on top of eth0, then send the traffic from it? Or is there a way to setup routing rules to allow this? Obviously I would like to be able to get the responses back.
> 2. How does the GW today knows how to route traffic coming from the tunnel into eth0?
> 
> Here is the rest of the table:
> 
> ip route show table all
> default via 192.168.60.2 dev eth0 table 102 
> 192.168.60.0/24 dev eth0 table 102 scope link 
> default via 192.168.1.1 dev eth1 table 103 
> 192.168.1.0/24 dev eth1 table 103 scope link
> 192.168.50.9 via 192.168.1.164 dev eth1 table 220 proto static 
> default via 192.168.60.2 dev eth0 
> 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
> 192.168.1.0/24 dev eth1 scope link metric 6 
> 192.168.60.0/24 dev eth0 scope link metric 3 
> 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
> broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
> local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
> local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
> broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
> broadcast 172.17.0.0 dev docker0 table local proto kernel scope link src 172.17.0.1 
> local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1 
> broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1 
> broadcast 192.168.1.0 dev eth1 table local proto kernel scope link src 192.168.1.237 
> local 192.168.1.237 dev eth1 table local proto kernel scope host src 192.168.1.237 
> broadcast 192.168.1.255 dev eth1 table local proto kernel scope link src 192.168.1.237 
> broadcast 192.168.60.0 dev eth0 table local proto kernel scope link src 192.168.60.201 
> local 192.168.60.201 dev eth0 table local proto kernel scope host src 192.168.60.201 
> broadcast 192.168.60.255 dev eth0 table local proto kernel scope link src 192.168.60.201 
> broadcast 192.168.122.0 dev virbr0 table local proto kernel scope link src 192.168.122.1 
> local 192.168.122.1 dev virbr0 table local proto kernel scope host src 192.168.122.1 
> broadcast 192.168.122.255 dev virbr0 table local proto kernel scope link src 192.168.122.1 
> 
> 
> Thanks!
> 
> End of Users Digest, Vol 126, Issue 9
> *************************************


More information about the Users mailing list