Hi Noel I just add iptables -t nat -I POSTROUTING -s 192.168.89.0/24 -d 192.168.87.0/24 -j ACCEPT Then I can ping 192.168.87.1 from openwrt. After I change rightsubnet=0.0.0.0 on both sides' IPSec.conf,I can not ping 87.1from openwrt.
So how can I allow all traffic to foreign ip range into IPSec tunnel? Sent from Mobile > On 2014年12月18日, at 03:31, Noel Kuntze <[email protected]> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hello Eric, > > You can use passthrough policies for your local networks and a ts of > localnet == 0.0.0.0/0 for that. > You will need to use some custom firewall rule to except IPsec traffic from > NAT. Look through the list archive > for some emails from me about that topic. > > Mit freundlichen Grüßen/Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > >> Am 17.12.2014 um 13:21 schrieb Eric Y. Zhang: >> Hi all >> here is my setup >> >> strongswan(openwrt)<----->strongswan(linux VPS), the ipsec tunnel is up >> between those 2. >> >> Now I want to route all traffic except domestic to that tunnel. How can I >> make that work? >> -- >> Life is harsh >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJUkdn/AAoJEDg5KY9j7GZYWF0QAIFdtVrO9W9BAT5I3tMyaLef > P/RiXH4XMVI+8bWOc3ti8lm6m4QNeConni5NRF9AAE5vpeQoOSfxiCYaTcHomv7f > fji0ORb0n07TRL34G4hhmg10e16Rl1rowujhNo/LUg/euogwRB19DZs9+FbUndIN > UIUHY9wWA7eaBpmyYAJS69nejB7ZcaaK2yD6kt5gRxJgf0alQtaCGybiDhhmEfDp > rbj2p0riA9Kgo6j8DzI0WWlf1l7gq2C+pasV1XLDYh/VGp0PFRbwfNUMdYVvbgDn > U/vXZ/W8C9ddrqcI1i7ZsVqk+/qgX3xTMyhfbfwYlMEHx2H3LrL916zqf0H1xDnj > 0/hwGETXCHfIWR78GF+6/AX+iUk+jn1PHapVgLNM8SAYlBmf0xxYVss8y9hAlimn > n9ReRari2+PEMFQisZ6+Vdt+IkE7r43XgDOhVb2e987i52ocAdSITAPWKDCTvj47 > 41fw4fUXzuFTeUciEvfQrjhm3OdskxysyEf+UwKAnVi4pZncTT3+n5cp955IR/nv > 3/maizD0EHtlKr7iylvdcp/Z2kKc/okqks5QpyBDuUVd+2FotPVUjYKg0PAgT0oJ > BoJphf35usL/rZVT8Vs3eQtQ+xS3x5zmieFuK1flex5ppFj5pkrcytH4a8bnAMl7 > dw6HG55NEhMpUGq5n7GU > =OmKw > -----END PGP SIGNATURE----- > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
