[strongSwan] swanctl // Traffic not going through the tunnel
yoconono at yoconono.com
Wed Jul 29 21:07:09 CEST 2020
Greetings,
I have an issue with a VPN I'm building.
I need to access the subnet 10.0.1.0/24 from my local equipment (local
IP range 10.0.100.0/24; Debian 10 server, IP forwarding enabled). I created
a swanctl configuration:
connections {
    sample1 {
        local_addrs=1.1.1.1
        remote_addrs=2.2.2.2
        local {
            auth=psk
            id=1.1.1.1
        }
        remote {
            auth=psk
            id=2.2.2.2
        }
        dpd_delay=5
        version=2
        dpd_timeout=240
        rekey_time=180m
        proposals=aes256-sha2_512-prfsha512-ecp384
        children {
            sample1_sub {
                local_ts=10.0.1.0/24
                remote_ts=10.0.100.0/24
                esp_proposals=aes256-sha2_512-ecp384
                rekey_time=8h
                life_time=3h
                dpd_action=start
                start_action=start
                mode=tunnel
            }
        }
    }
}
secrets {
    sample1_psk {
        id-1=1.1.1.1
        id-2=2.2.2.2
        secret=thissiasecret
    }
}
The tunnel came up with no issue:
[E1]root@server1:/etc/swanctl$ swanctl -l
sample1: #2, ESTABLISHED, IKEv2, c7915dbccec5c781_i d851ade093b4f8b1_r*
  local  '1.1.1.1' @ 1.1.1.1[500]
  remote '2.2.2.2' @ 2.2.2.2[500]
  AES_CBC-256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_384
  established 5370s ago, rekeying in 5290s
The route to reach the target subnet is also added to table 220 when the
tunnel comes up:
[E1]root@server1:/etc/swanctl$ ip route show table 220
10.0.1.0/24 via 1.1.1.1 dev eth0 proto static src 10.0.100.254
But whenever I try to use the tunnel (for example with traceroute to
10.0.1.0 -s 10.0.100.254), my traffic goes out via the regular eth0 WAN and
never gets encapsulated into the tunnel.
I have been reading the docs for a while, but I was not able to find the
reason. Likely due to my lack of knowledge, I bet :/
Can anyone help me to understand what I missed?
Note: I did not add anything related to the firewall, as I first need to have
traffic going into the tunnel. As long as it goes to the regular internet, it's
pointless setting it up.
Thanks
Stephane
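A quick way to compare the described flow with the CHILD_SA traffic selectors, as an added example that is not part of the original post or of strongSwan: it parses the swanctl.conf brace format and reports which children have local_ts covering the packet's source and remote_ts covering its destination, the two conditions an outbound IPsec policy needs before the kernel will encapsulate the packet. The configuration text is a constructed, trimmed copy of the selectors quoted above; on it, the flow 10.0.100.254 -> 10.0.1.0 matches no child while the reverse direction does, which is the first thing to check against the real file.

```python
import ipaddress

# Constructed, trimmed copy of the posted swanctl.conf (only the parts this check reads).
SWANCTL_CONF = """
connections {
    sample1 {
        children {
            sample1_sub {
                local_ts=10.0.1.0/24
                remote_ts=10.0.100.0/24
            }
        }
    }
}
"""

def parse_sections(text):
    """Parse swanctl's brace / key=value format into nested dicts; '#' comments are dropped."""
    root, stack = {}, []
    cur = root
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.endswith("{"):              # open a (sub)section
            sub = cur.setdefault(line[:-1].strip(), {})
            stack.append(cur)
            cur = sub
        elif line == "}":                   # close it
            cur = stack.pop()
        elif "=" in line:                   # key = value
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return root

def in_ts(addr, ts):
    """True if addr lies in any CIDR of a comma-separated selector list; a [proto/port] suffix is ignored."""
    ip = ipaddress.ip_address(addr)
    nets = (n.split("[")[0].strip() for n in ts.split(",") if n.strip())
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)

def matching_children(conf_text, src, dst):
    """Children whose outbound policy (src in local_ts, dst in remote_ts) covers a src->dst packet."""
    conf = parse_sections(conf_text)
    hits = []
    for cname, conn in conf.get("connections", {}).items():
        for chname, child in conn.get("children", {}).items():
            if in_ts(src, child.get("local_ts", "")) and in_ts(dst, child.get("remote_ts", "")):
                hits.append(f"{cname}/{chname}")
    return hits
```

Calling matching_children(SWANCTL_CONF, "10.0.100.254", "10.0.1.0") returns an empty list for the selectors as posted; swapping the two addresses returns ["sample1/sample1_sub"].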