[strongSwan] Local network (routing)

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Oct 10 23:14:52 CEST 2022


Hello René,

Yes, if the networks overlapped then that was the right solution.
It was not clear to me that they were just from the email.

Kind regards
Noel

On 10.10.22 22:33, Rene Maurer wrote:
> On 10.10.2022 Noel Kuntze wrote:
>
>> Please provide the output of `ipsec statusall` as well as `ip x p`.  Also, what are your firewall rules (iptables-save, nft list ruleset).
>
>> On 10.10.22 15:44, Rene Maurer wrote:
>
>>> I am looking for a way to access the devices connected to eth0 also locally and not only through the tunnel (connections 10.162.110.161 <=> 10.162.110.165 should work).
>>>
>>> Is that even possible? If so how?
>
> Thanks for your answer Noël.
>
> It was much easier. According to https://lists.strongswan.org/pipermail/users/2015-May/008222.html, the key is to set up a passthrough connection in ipsec.conf. Very elegant IMHO ;-)
>
> I have added in ipsec.conf:
>
> conn eth0_local
>     leftsubnet=10.162.110.160/29
>     rightsubnet=10.162.110.160/29
>     authby=never
>     type=passthrough
>     auto=route
>
> This works perfect as far as I can see so far.
> I hope this is the recommended way to do it.
>
> Kind regards
> René



More information about the Users mailing list