[strongSwan] Local network (routing)

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Oct 10 22:05:37 CEST 2022


Hi René,

Please provide the output of `ipsec statusall` as well as `ip x p`.  Also, what are your firewall rules (iptables-save, nft list ruleset).

Kind regards
Noel

On 10.10.22 15:44, Rene Maurer wrote:
> Hi
> 
> I am using strongSwan U5.4.0/K4.4.107 (embedded device).
> 
> The ipsec tunnel is established over a mobile network and it works fine.
> 
> Additionally I have an Ethernet interface eth0 with the address 10.162.110.161. eth0 is connected to 10.162.110.165.
> 
> I am looking for a way to access the devices connected to eth0 also locally and not only through the tunnel (connections 10.162.110.161 <=> 10.162.110.165 should work).
> 
> Is that even possible? If so how?
> 
> I have:
> ---------
> # ipsec status
> Security Associations (1 up, 0 connecting):
>           one[1]: ESTABLISHED 9 seconds ago, 10.162.225.65[****]...91.230.141.233[****]
>           one{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cb51bd6c_i b9503f34_o
>           one{1}:   10.162.110.160/29 === 10.0.0.0/
> ---------
> # route -n
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
> 10.162.110.160  0.0.0.0         255.255.255.248 U     100    0        0 eth0
> ---------
> ip route show table 220
> 10.0.0.0/8 via xxx.xxx.xxx.xxx dev ppp0 proto static src 10.162.110.161
> ----------
> # ipsec.conf:
> conn one
>      # we are left
>      left=10.162.225.65
>      leftid=*****
>      leftsubnet=10.162.110.160/29
>      leftcert=****.crt
>      leftsendcert=always
> 
>      # XXX is right
>      right=xxx.xxx.xxx.xxx.
>      rightid=****
>      rightsubnet=10.0.0.0/8
>      auto=start
> ----------
> 
> Regards
> René

