[strongSwan] FreeBSD endpoints issue

Volodymyr Litovka doka.ua at gmx.com
Tue Feb 23 11:43:39 CET 2021

Hi Clement,

I think you can safely remove this route entry, since it's handled by
the policy.

Or (and I'd prefer this way) configure route-based VPN
just to avoid confusion when using both routing and policy switching at
the same time.

On 23.02.2021 12:37, Support SimpleRezo wrote:
> Hi
> I have set up a StrongSWAN VPN IPsec tunnel between two hosts:
> [LAN_A] <=> [HOST_A][PUBLIC_IP_A] <=> [PUBLIC_IP_B][HOST_B] <=> [LAN_B]
> LAN_A:
> LAN_B:
> HOST_A route:
> It's working: hosts on LAN_A can reach LAN_B hosts and vice-versa.
> But, on the endpoints running StrongSWAN, I cannot reach the remote LAN except if I
> specify the source address of the LAN.
> host_A# ping
> (no answer)
> host_A# ping -S
> (works)
> That seems logical to me, because by default packets sent to the remote LAN are
> using the route LAN_B gateway IP_PUBLIC_A, so the kernel is using IP_PUBLIC_A
> as source (checked with tcpdump).
> What do I need to set up to be able to reach the remote LAN from each peer
> without specifying the source IP address?
> Thanks for your help
> --
> Clement
> SimpleRezo

Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison
