[strongSwan] Local network (routing)
Michael Schwartzkopff
ms at sys4.de
Mon Oct 10 16:07:52 CEST 2022
On 10.10.22 15:44, Rene Maurer wrote:
> Hi
>
> I am using strongSwan U5.4.0/K4.4.107 (embedded device).
>
> The ipsec tunnel is established over a mobile network and it works fine.
>
> Additionally I have an Ethernet interface eth0 with the address
> 10.162.110.161. eth0 is connected to 10.162.110.165.
>
> I am looking for a way to access the devices connected to eth0 also
> locally and not only through the tunnel (connections 10.162.110.161
> <=> 10.162.110.165 should work).
>
> Is that even possible? If so how?
>
You should be able to access the net 10.162.110.160/29 directly. Please
check, e.g. with tcpdump.
> I have:
> ---------
> # ipsec status
> Security Associations (1 up, 0 connecting):
> one[1]: ESTABLISHED 9 seconds ago, 10.162.225.65[****]...91.230.141.233[****]
> one{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: cb51bd6c_i b9503f34_o
> one{1}: 10.162.110.160/29 === 10.0.0.0/
> ---------
> # route -n
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
> 10.162.110.160 0.0.0.0 255.255.255.248 U 100 0 0 eth0
> ---------
> ip route show table 220
> 10.0.0.0/8 via xxx.xxx.xxx.xxx dev ppp0 proto static src 10.162.110.161
> ----------
> # ipsec.conf:
> conn one
> # we are left
> left=10.162.225.65
> leftid=*****
> leftsubnet=10.162.110.160/29
> leftcert=****.crt
> leftsendcert=always
>
> # XXX is right
> right=xxx.xxx.xxx.xxx.
> rightid=****
> rightsubnet=10.0.0.0/8
> auto=start
> ----------
>
> Regards
> René
Kind regards,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein
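
Added example (not part of either message, and not strongSwan code): a small model of the Linux policy-routing lookup over the two tables quoted in the post, to compare against what tcpdump shows on eth0 and ppp0. It assumes strongSwan's default rule priority of 220 for table 220 and the kernel default of 32766 for main; the gateway elided on the page stays a placeholder.

```python
import ipaddress

# Constructed from the "route -n" and "ip route show table 220" output
# quoted in the post. The gateway is elided there, so it stays a placeholder.
TABLES = {
    "220": [("10.0.0.0/8", "ppp0", "xxx.xxx.xxx.xxx")],
    "main": [
        ("0.0.0.0/0", "ppp0", None),
        ("10.162.110.160/29", "eth0", None),
    ],
}

# Assumption: default "ip rule" priorities (strongSwan table 220 at 220,
# kernel main table at 32766). Check the device with "ip rule show".
RULES = [(220, "220"), (32766, "main")]


def lookup(dst, tables=TABLES, rules=RULES):
    """Return (table, prefix, dev) selected for dst.

    Rules are walked in priority order; inside a table the longest
    matching prefix wins. The first table with any match ends the search.
    """
    addr = ipaddress.ip_address(dst)
    for _prio, name in sorted(rules):
        matches = []
        for prefix, dev, _gw in tables[name]:
            net = ipaddress.ip_network(prefix)
            if addr in net:
                matches.append((net, dev))
        if matches:
            net, dev = max(matches, key=lambda m: m[0].prefixlen)
            return name, str(net), dev
    return None


def selector_overlap(local_subnet, remote_ts):
    """True when the local subnet lies inside the remote traffic selector."""
    local = ipaddress.ip_network(local_subnet)
    return local.subnet_of(ipaddress.ip_network(remote_ts))


if __name__ == "__main__":
    # leftsubnet and rightsubnet as given in the quoted ipsec.conf
    print("overlap:", selector_overlap("10.162.110.160/29", "10.0.0.0/8"))
    print("with table 220:", lookup("10.162.110.165"))
    print("main table only:", lookup("10.162.110.165", rules=[(32766, "main")]))
```

On the device itself, `ip rule show` and `ip route get 10.162.110.165` give the kernel's actual decision to compare with this model.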