[strongSwan] FreeBSD endpoints issue

Volodymyr Litovka doka.ua at gmx.com
Tue Feb 23 11:43:39 CET 2021


Hi Clement,

I think you can safely remove this route entry, since it's handled by
the policy.

Or (and I'd prefer this way) configure a route-based VPN
(https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN),
just to avoid confusion when using both routing and policy switching at
the same time.

On 23.02.2021 12:37, Support SimpleRezo wrote:
> Hi
>
> I have set up a strongSwan VPN IPsec tunnel between two hosts:
> [LAN_A] <=> [HOST_A][PUBLIC_IP_A] <=> [PUBLIC_IP_B][HOST_B] <=> [LAN_B]
>
> LAN_A: 192.168.1.0/24
> LAN_B: 192.168.6.0/24
>
> HOST_A route:
> 192.168.6.0/24 gw PUBLIC_IP_A
>
> It's working: hosts on LAN_A can reach LAN_B hosts and vice-versa.
>
> But, on the endpoints running strongSwan, I cannot reach the remote LAN unless I
> specify the source address of the LAN.
> host_A# ping 192.168.6.1
> (no answer)
> host_A# ping -S 192.168.1.254 192.168.6.1
> (works)
>
> That seems logical to me, because by default packets sent to the remote LAN
> use the route to LAN_B via gateway IP_PUBLIC_A, so the kernel uses IP_PUBLIC_A
> as source (checked by tcpdump).
>
> What do I need to set up to be able to reach the remote LAN from each peer
> without specifying a source IP address?
>
> Thanks for your help
>
> --
> Clement
> SimpleRezo

--
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison
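A small added model (not from this thread, and not strongSwan's own code) of the mechanism discussed above: the kernel takes the packet's source address from the route that wins the lookup, and a policy-based tunnel only protects traffic whose source falls inside the local traffic selector. The public addresses are constructed documentation-range placeholders, and the route-based variant assumes the route through the tunnel interface is installed with the LAN address as its preferred source.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str  # destination network
    src: str     # source address the kernel picks when this route wins

@dataclass(frozen=True)
class Policy:
    src_ts: str  # local traffic selector of the IPsec policy
    dst_ts: str  # remote traffic selector

# Constructed placeholders for the thread's PUBLIC_IP_A / LAN_A gateway.
PUBLIC_IP_A = "203.0.113.10"
LAN_A_GW = "192.168.1.254"
POLICIES = [Policy("192.168.1.0/24", "192.168.6.0/24")]

# The setup from the question: remote LAN routed via the public address.
POLICY_BASED_ROUTES = [
    Route("0.0.0.0/0", PUBLIC_IP_A),
    Route("192.168.1.0/24", LAN_A_GW),
    Route("192.168.6.0/24", PUBLIC_IP_A),   # "192.168.6.0/24 gw PUBLIC_IP_A"
]
# Route-based VPN (assumption): the route via the tunnel interface carries
# the LAN address as preferred source, so locally generated packets match.
ROUTE_BASED_ROUTES = [
    Route("0.0.0.0/0", PUBLIC_IP_A),
    Route("192.168.1.0/24", LAN_A_GW),
    Route("192.168.6.0/24", LAN_A_GW),
]

def select_source(dst: str, routes: list[Route]) -> str:
    """Longest-prefix match; the winning route decides the source address."""
    d = ipaddress.ip_address(dst)
    hits = [r for r in routes if d in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen).src

def policy_matches(src: str, dst: str, policies: list[Policy]) -> bool:
    """True if some IPsec policy's traffic selectors cover (src, dst)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(p.src_ts) and d in ipaddress.ip_network(p.dst_ts)
               for p in policies)

def probe(dst: str, routes: list[Route], policies: list[Policy],
          forced_src: str | None = None) -> tuple[str, bool]:
    """Emulate 'ping dst' (or 'ping -S forced_src dst'): returns (src, protected)."""
    src = forced_src or select_source(dst, routes)
    return src, policy_matches(src, dst, policies)
```

Packets forwarded from LAN_A hosts already carry a 192.168.1.x source, which is why they work while the endpoint's own pings do not.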
