Please refer to Andreas' mail which you can find on

https://lists.strongswan.org/pipermail/users/2007-June/001874.html

This e-mail describes a very similar problem. You probably have to add 
something like the following to your ipsec.conf:

conn pass
         leftsubnet=172.16.0.16/29
         rightsubnet=172.16.0.16/29
         left=%defaultroute
         right=a.b.c.d
         type=passthrough
         authby=never
         auto=route

Let us know if this solves your problem.
If the problem persists then please post your ipsec.conf and also the 
output of the following command:

ip xfrm policy

Btw: The problem is not located in the routing table but in the 
so-called Security Policy Database which determines which IP packets 
IPsec should be applied to. The connection description above adds an 
exception for local traffic.

-Daniel


Andreas Ascheneller wrote:
> Hello!
> 
> I will create a VPN based on Strongswan. The IP-Range of the VPN is
> 172.16.0.0/22.
> Now I have separated this big IP-Range into smaller ranges with the netmask
> /29 like that;
> 
> 172.16.0.0/29 ==== Central VPN Gateway ==== 172.16.0.8/29
>                            ||
>                       172.16.0.16/29
> 
> and so on...
> 
> Now when I start the ipsec connection, Strongswan routes the local
> network packages through the ipsec tunnel.
> I think the problem is that the leftsubnet is a part of the rightsubnet.
> 
> Is there a way to do that with the routing table or so?
> 
> I use an analog solution with openswan - that works.
> 
> 
> regards
> Andreas Ascheneller
> 

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
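
Added example (not part of the original e-mail and not strongSwan code): a small Python check of how the Security Policy Database treats a packet, given the text printed by "ip xfrm policy". The two dumps are constructed samples whose addresses and priority values are assumptions; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed dump: only the tunnel policy exists (values are made up).
TUNNEL_ONLY = (
    "src 172.16.0.16/29 dst 172.16.0.0/22\n"
    "\tdir out priority 2344 ptype main\n"
    "\ttmpl src 192.0.2.10 dst 192.0.2.1\n"
    "\t\tproto esp reqid 16385 mode tunnel\n"
)
# Constructed dump after a passthrough conn is routed; it is assumed to be
# installed with a lower priority value than the tunnel policy.
WITH_PASS = TUNNEL_ONLY + (
    "src 172.16.0.16/29 dst 172.16.0.16/29\n"
    "\tdir out priority 1832 ptype main\n"
)

def parse_policies(dump):
    """Parse the dump into dicts: selector networks, dir, priority, tmpl flag."""
    policies = []
    for line in dump.splitlines():
        m = re.match(r"src (\S+) dst (\S+)", line)
        if m:  # an unindented selector line starts a new policy
            policies.append({"src": ipaddress.ip_network(m.group(1)),
                             "dst": ipaddress.ip_network(m.group(2)),
                             "dir": None, "priority": 0, "tmpl": False})
            continue
        if not policies:
            continue
        m = re.search(r"dir (\w+)\s+priority (\d+)", line)
        if m:
            policies[-1]["dir"] = m.group(1)
            policies[-1]["priority"] = int(m.group(2))
        elif line.strip().startswith("tmpl "):
            policies[-1]["tmpl"] = True  # template present: IPsec is applied
    return policies

def verdict(dump, src, dst, direction="out"):
    """Return 'ipsec', 'pass' or 'no policy' for a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in parse_policies(dump)
            if p["dir"] == direction and s in p["src"] and d in p["dst"]]
    if not hits:
        return "no policy"
    best = min(hits, key=lambda p: p["priority"])  # lower value wins on Linux
    return "ipsec" if best["tmpl"] else "pass"

if __name__ == "__main__":
    print(verdict(TUNNEL_ONLY, "172.16.0.18", "172.16.0.19"))
    print(verdict(WITH_PASS, "172.16.0.18", "172.16.0.19"))
```

A result of "ipsec" for two hosts inside the same /29 is the symptom described in the quoted mail; "pass" means the exception for local traffic is in effect.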
