[strongSwan] How to bridge two IPsec tunnels on strongswan server?
peyoot at hotmail.com
Thu Nov 26 10:27:24 CET 2020
I have a strongSwan server which has a public IP address and is also connected to the intranet via Wi-Fi:
roadwarrior ---internet--- A: eth0:184.108.40.206;wlo1: 192.168.1.1 ------wifi router---- B: 10.10.8.229
A has a public IP on eth0, so the roadwarrior can set up a tunnel to it. I call this tunnel bridge-vpn.
A can also set up a tunnel to B, which I name pvpn.
My goal is to let the roadwarrior ping B via these two tunnels. Although each IPsec tunnel can be set up on its own, I couldn't make them work together: once the A-to-B tunnel is up, the roadwarrior-to-A tunnel seems not to work anymore. Am I missing anything?
A's ipsec.conf :
I also enabled NAT on A to forward roadwarrior traffic to the Wi-Fi interface:
sudo iptables -t nat -A POSTROUTING -o wlo1 -s 10.100.102.0/24 -j MASQUERADE
Am I missing anything? Or are there other tricks I need to do?
My guess is that the roadwarrior traffic goes into the pvpn tunnel because of pvpn's rightsubnet=0.0.0.0/0, but the reply packets can't get back through bridge-vpn. I don't know how to fix it.
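As an added illustration of the traffic-selector interplay the poster asks about (this is not the poster's ipsec.conf, which is not included in the message, and not a reply from the list), here is one way the two connections on A could be written so that the roadwarrior's virtual-IP range is itself a subnet carried by pvpn and B's LAN is offered to the roadwarrior, instead of pvpn claiming 0.0.0.0/0. The virtual-IP pool 10.100.102.0/24 is taken from the NAT rule in the post; the assumption that B's LAN is 10.10.8.0/24, the IKEv2 setting and the authentication lines are assumptions, and the matching rightsubnet/leftsubnet on B (B must accept 10.100.102.0/24 from A) is left to the reader.

```ini
# Added example for host A, assuming IKEv2 and that authentication
# (certificates or PSK in ipsec.secrets) is configured separately.
config setup

conn %default
    keyexchange=ikev2
    # assumption: whatever authid/leftcert/psk setup the site already uses

# Roadwarrior -> A. The client is handed a virtual IP from the pool that
# the post's NAT rule refers to, and is offered B's LAN as the remote side.
conn bridge-vpn
    left=184.108.40.206
    leftsubnet=10.10.8.0/24        # assumption: B's LAN, reached through pvpn
    right=%any
    rightsourceip=10.100.102.0/24  # pool from the iptables rule in the post
    auto=add

# A -> B. Instead of rightsubnet=0.0.0.0/0, both selectors are narrowed:
# the local side is the roadwarrior pool (so replies to 10.100.102.x from
# B are tunneled back to A), the remote side is only B's LAN.
conn pvpn
    left=192.168.1.1
    leftsubnet=10.100.102.0/24
    right=10.10.8.229
    rightsubnet=10.10.8.0/24       # assumption: B's LAN
    auto=start
```

With selectors like these, roadwarrior packets destined for 10.10.8.0/24 are tunneled to B with their 10.100.102.x source intact, so the MASQUERADE rule in the post should not rewrite them; if the rule is kept for other traffic, an `iptables -t nat -I POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT` rule inserted before it exempts traffic that will be IPsec-protected from NAT. `ip xfrm policy` on A then shows one pair of policies per connection with non-overlapping selectors, which is the quickest check that no 0.0.0.0/0 policy is capturing either tunnel's traffic.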