Please refer to Andreas' mail which you can find on https://lists.strongswan.org/pipermail/users/2007-June/001874.html
This e-mail describes a very similar problem. You probably have to add something like the following to your ipsec.conf:

conn pass
    leftsubnet=172.16.0.16/29
    rightsubnet=172.16.0.16/29
    left=%defaultroute
    right=a.b.c.d
    type=passthrough
    authby=never
    auto=route

Let us know if this solves your problem. If the problem persists then please post your ipsec.conf and also the output of the following command:

    ip xfrm policy

Btw: The problem is not located in the routing table but in the so-called Security Policy Database which determines which IP packets IPsec should be applied to. The connection description above adds an exception for local traffic.

-Daniel

Andreas Ascheneller wrote:
> Hello!
>
> I will create a VPN based on Strongswan. The IP-Range of the VPN is
> 172.16.0.0/22.
> Now I have separated this big IP-Range in smaller ranges with the netmask
> /29 like that:
>
> 172.16.0.0/29 ==== Central VPN Gateway ==== 172.16.0.8/29
>                           ||
>                    172.16.0.16/29
>
> and so on...
>
> Now when I start the ipsec connection, Strongswan routes the local
> network packages through the ipsec tunnel.
> I think the problem is that the leftsubnet is a part of the rightsubnet.
>
> Is there a way to do that with the routing table or so?
>
> I use an analog solution with openswan - that works.
>
>
> regards
> Andreas Ascheneller
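
Added example, not part of the original thread and not strongSwan code: a small check that reads ipsec.conf text, finds tunnel conns whose leftsubnet lies inside their rightsubnet (the situation described above), and builds a passthrough conn for each one, modelled on the one suggested in the reply. The sample configuration, the conn names "central" and "branch", and the "pass-" prefix are constructed for illustration.

```python
import ipaddress

# Constructed sample config (not the poster's): the local /29 lies inside
# the /22 that the tunnel conn sends to the central gateway.
SAMPLE_CONF = """\
conn central
    left=%defaultroute
    leftsubnet=172.16.0.16/29
    right=a.b.c.d
    rightsubnet=172.16.0.0/22
    auto=start

conn branch
    left=%defaultroute
    leftsubnet=10.1.0.0/24
    right=a.b.c.d
    rightsubnet=10.2.0.0/24
    auto=start
"""
REQUIRED = {"left", "right", "leftsubnet", "rightsubnet"}

def parse_conns(text):
    """Return {name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line = section header
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def passthrough_stanzas(conns):
    """Map conn name -> passthrough conn text where leftsubnet is inside rightsubnet."""
    out = {}
    for name, o in conns.items():
        if o.get("type", "tunnel") != "tunnel" or not REQUIRED <= o.keys():
            continue
        left = ipaddress.ip_network(o["leftsubnet"], strict=False)
        right = ipaddress.ip_network(o["rightsubnet"], strict=False)
        if left.version == right.version and left.subnet_of(right):
            out[name] = "\n".join([
                f"conn pass-{name}", f"    leftsubnet={left}", f"    rightsubnet={left}",
                f"    left={o['left']}", f"    right={o['right']}",
                "    type=passthrough", "    authby=never", "    auto=route"])
    return out

if __name__ == "__main__":
    for stanza in passthrough_stanzas(parse_conns(SAMPLE_CONF)).values():
        print(stanza + "\n")
```

After adding a generated conn, the output of ip xfrm policy should contain a policy for the local subnet to itself in addition to the tunnel policy.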