[strongSwan] How to route all client traffic through the server?
Neddie Seak
neddieseak at hotmail.com
Thu Oct 21 11:12:03 CEST 2021
I am working my way through a simple example of a road-warrior with certificate authentication, based on https://www.strongswan.org/testing/testresults/ikev2/rw-cert/
By adding a virtual address pool to the server swanctl.conf, similar to the Roadwarrior scenario at https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples,
primary-pool-ipv4 {
    addrs = 172.16.252.0/24
    dns = 8.8.8.8
}
and by adding a line to the client swanctl.conf:
vips = 0.0.0.0
the server assigns a virtual IP address to the client, 172.16.252.1/32. This can be confirmed with the command:
ip a
However, nothing is added to the client's route table. The output from the command:
ip r
does not change. And the client continues to use its regular Internet gateway instead of the tunnel to the server.
How do I get the client to send ALL its traffic through the tunnel to the server?