Hi Tica, Hi strongSwan core developers, I just tried this kind of set up and it worked for me (although the setup was a bit tricky).
Could you please provide us with more information regarding your setup. Please post the following files: ipsec.conf Post the output of the following commands as well: ip xfrm policy ip route show table 0 A network diagram would be useful as well. There's one question I would like to ask people on this list including the strongSwan core developers: I'm trying to setup a road warrior to pass all traffic (0.0.0.0/0) through the VPN tunnel. Only local traffic should be excluded. I'm using http://www.strongswan.org/uml/testresults43/ikev1/passthrough/ as a basis. In my setup the virtual IP address of the rw used inside the tunnel is different from the physical IP address in the local subnet. strongSwan inserts routing entries in the table 220. 0.0.0.0/1 via 192.168.10.2 dev eth0 src 10.33.44.1 128.0.0.0/1 via 192.168.10.2 dev eth0 src 10.33.44.1 10.33.44.1 is the virtual IP address inside the tunnel. Linux chooses this IP address as the source address for *local* traffic, too. But it shouldn't do that in my setup. I need linux to choose 192.168.10.78 as the source address for *local* traffic because that's the IP address of the interface. Routing table 220 has higher priority than the routing table "main". Because of that the routing table entry 128.0.0.0/1 via 192.168.10.2 dev eth0 src 10.33.44.1 takes precedence over the correct routing table entry in table "main" for local traffic. What I ended up doing is to duplicate the routing table entry for local traffic and to insert it into table 220. 192.168.10.0/24 dev eth0 scope link 0.0.0.0/1 via 192.168.10.2 dev eth0 src 10.33.44.1 128.0.0.0/1 via 192.168.10.2 dev eth0 src 10.33.44.1 Does anybody know of a more elegant way to do that. For the sake of completeness here's the data of the local NIC. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 inet 192.168.10.78/24 brd 192.168.10.255 scope global eth0 inet 10.33.44.1/32 scope global eth0 Thanks & Regards Daniel _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
