[strongSwan] FreeBSD endpoints issue
doka.ua at gmx.com
Tue Feb 23 11:43:39 CET 2021
I think you can safely remove this route entry, since it's handled by
Or (and I'd prefer this way) configure route-based VPN
just to avoid confusion when using both routing and policy switching at
the same time.
On 23.02.2021 12:37, Support SimpleRezo wrote:
> I have set up a StrongSWAN VPN IPsec tunnel between two hosts:
> [LAN_A] <=> [HOST_A][PUBLIC_IP_A] <=> [PUBLIC_IP_B][HOST_B] <=> [LAN_B]
> LAN_A: 192.168.1.0/24
> LAN_B: 192.168.6.0/24
> HOST_A route:
> 192.168.6.0/24 gw PUBLIC_IP_A
> It's working: hosts on LAN_A can reach LAN_B hosts and vice-versa.
> But, on the endpoints running StrongSWAN, I cannot reach remote LAN except if I
> specify the source address of LAN.
> host_A# ping 192.168.6.1
> (no answer)
> host_A# ping -S 192.168.1.254 192.168.6.1
> That seems logical to me, because by default packets sent to the remote LAN are
> using the route LAN_B gateway IP_PUBLIC_A, so the kernel is using IP_PUBLIC_A
> as source (checked with tcpdump).
> What do I need to set up to be able to reach the remote LAN from each peer
> without specifying the source IP address?
> Thanks for your help
"Vision without Execution is Hallucination." -- Thomas Edison
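
The behaviour described in this thread, as an added example that is not part of the original messages: a small model of policy-based selector matching showing why a locally generated packet sourced from the public address misses the LAN_A/LAN_B policy while `ping -S 192.168.1.254` matches it. The single LAN_A to LAN_B policy entry and the documentation-range value standing in for PUBLIC_IP_A are assumptions.

```python
import ipaddress

# Constructed values: the thread only gives the two LAN prefixes; the public
# address below is a documentation-range placeholder for PUBLIC_IP_A.
LAN_A = ipaddress.ip_network("192.168.1.0/24")
LAN_B = ipaddress.ip_network("192.168.6.0/24")
PUBLIC_IP_A = ipaddress.ip_address("203.0.113.10")

# Assumed outbound policy on HOST_A: one tunnel-mode entry LAN_A -> LAN_B.
OUTBOUND_SPD = [(LAN_A, LAN_B, "ipsec")]


def spd_lookup(src, dst, spd=OUTBOUND_SPD):
    """Return the action of the first policy whose selectors match both
    source and destination; in this model unmatched packets get no IPsec."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for sel_src, sel_dst, action in spd:
        if src in sel_src and dst in sel_dst:
            return action
    return "none"


def classify(dst, bind_src=None, default_src=PUBLIC_IP_A):
    """Model a locally generated packet: the source is the bound address
    (ping -S) if given, otherwise the address the kernel chose for the route."""
    src = bind_src if bind_src is not None else default_src
    return str(src), spd_lookup(src, dst)


if __name__ == "__main__":
    # ping 192.168.6.1: source is the public address, no policy matches
    print(classify("192.168.6.1"))
    # ping -S 192.168.1.254 192.168.6.1: source is inside LAN_A, policy matches
    print(classify("192.168.6.1", bind_src="192.168.1.254"))
    # A forwarded packet from a LAN_A host also matches the policy
    print(spd_lookup("192.168.1.20", "192.168.6.1"))
```

The first case is the one to watch for on a gateway: traffic from the endpoint itself to the remote LAN is outside the selectors, so it is not protected by the tunnel.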