I think I understand what I'm doing wrong: strongswan only inserts a route if a local IP address can be found in the subnet 172.16.48.16/28. I currently don't have an IP address in that subnet assigned to an interface on my system so no route gets installed.

So IIUC to fix this I need to add an IP address within the 172.16.48.16/28 subnet (for example 172.16.48.17) to some interface in my system. My question now is to which interface should I attach 172.16.48.17? I don't think I should attach it to eth0 since that is connected to the internet and I don't think you should attach local addresses to an internet connected interface. Should I create some virtual interface (tun/tap) and attach it to that?

Thanks for bearing with me so far!

Bas

On 20 March 2015 at 17:50, Bas van Dijk <[email protected]> wrote:
> I forgot to mention that I see the following in the log:
>
> Mar 20 17:36:42 zeus charon[4136]: 14[KNL] getting a local address in
> traffic selector 172.16.48.16/28
> Mar 20 17:36:42 zeus charon[4136]: 14[KNL] no local address found in
> traffic selector 172.16.48.16/28
>
> On 20 March 2015 at 17:48, Bas van Dijk <[email protected]> wrote:
>> Hi Tobias,
>>
>> Sorry for the late reply.
>>
>> It seems my strongswan doesn't set up the route since `ip route list
>> table 220` doesn't show anything. I think I'm suffering from bug:
>> https://wiki.strongswan.org/issues/197.
>>
>> As a work-around I will try to manually add the route:
>>
>> 10.180.0.0/16 via <default GW> dev eth0 proto static src 172.16.48.16
>>
>> Cheers,
>>
>> Bas
>>
>> On 18 February 2015 at 17:03, Tobias Brunner <[email protected]> wrote:
>>> Hi Bas,
>>>
>>>> So am I right that the only thing left to do is configure my system so
>>>> that packets to hosts on the 10.180.0.0/24 subnet appear to come from
>>>> a host on the 172.16.48.16/28 subnet?
>>>>
>>>> To accomplish this I already added the additional IP address
>>>> 172.16.48.16 to my NIC (besides the DHCP configured 192.168.42.162).
>>>>
>>>> What's the next step? Do I need to add a route or some iptables rule?
>>>
>>> strongSwan should find the address you added to the NIC and install an
>>> appropriate route to routing table 220 automatically. You may check
>>> with `ip route list table 220`. This route will look similar to this:
>>>
>>> 10.180.0.0/16 via <default GW> dev eth0 proto static src 172.16.48.16
>>>
>>> This should force 172.16.48.16 as source address for packets sent to
>>> hosts in 10.180.0.0/16. (Depending on how the other peer is configured
>>> you might want to try a different IP from your source subnet e.g. .17,
>>> because .16 is the network ID, while .31 is the broadcast address).
>>>
>>> Regards,
>>> Tobias
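An added diagnostic sketch, not part of the original thread and not strongSwan's own code: it scans charon log lines like those quoted above for "no local address found in traffic selector" and sorts a list of local addresses by whether they fall inside that selector, separating out the network ID and broadcast address that the reply suggests avoiding. The function names and the list of local addresses are assumptions made for the example.

```python
import ipaddress
import re

# Log lines as quoted in the thread above (unwrapped to one line each).
SAMPLE_LOG = """\
Mar 20 17:36:42 zeus charon[4136]: 14[KNL] getting a local address in traffic selector 172.16.48.16/28
Mar 20 17:36:42 zeus charon[4136]: 14[KNL] no local address found in traffic selector 172.16.48.16/28
"""

# Constructed sample: addresses assumed to be configured on the host.
SAMPLE_LOCAL_ADDRS = ["192.168.42.162", "172.16.48.16", "172.16.48.17", "172.16.48.31"]

NO_ADDR_RE = re.compile(
    r"charon\[\d+\]: \d+\[KNL\] no local address found in traffic selector (\S+)"
)


def unmatched_selectors(log_text):
    """Return the traffic selectors for which charon logged no local address."""
    found = []
    for line in log_text.splitlines():
        match = NO_ADDR_RE.search(line)
        if match:
            net = ipaddress.ip_network(match.group(1), strict=False)
            if net not in found:
                found.append(net)
    return found


def classify_candidates(selector, local_addrs):
    """Group addresses: inside the selector, network ID/broadcast, or outside."""
    result = {"usable": [], "edge": [], "outside": []}
    edges = (selector.network_address, selector.broadcast_address)
    for text in local_addrs:
        addr = ipaddress.ip_address(text)
        if addr.version != selector.version or addr not in selector:
            result["outside"].append(text)
        elif selector.num_addresses > 2 and addr in edges:
            result["edge"].append(text)  # network ID or broadcast address
        else:
            result["usable"].append(text)
    return result


if __name__ == "__main__":
    for ts in unmatched_selectors(SAMPLE_LOG):
        print(ts, classify_candidates(ts, SAMPLE_LOCAL_ADDRS))
```
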
