Date: Tue, 19 Jan 2021 11:34:44 +0100
From: Support SimpleRezo <simplerezo@gmail.com>
To: freebsd-questions@freebsd.org
Subject: StrongSWAN VPN tunnel: working, but peers cannot reach remote network
Message-ID: <CALVu1vZGUOXA6ruWX5fhQA5mQSa-9nhEsVYHCm1ErYG9Cfr-=g@mail.gmail.com>

Hi

I have set up a StrongSWAN VPN IPsec tunnel between two hosts:

[LAN_A] => [HOST_A][PUBLIC_IP_A] <=> [PUBLIC_IP_B][HOST_B][LAN_B]

LAN_A: 192.168.1.0/24
LAN_B: 192.168.6.0/24
HOST_A route: 192.168.6.0/24 gw PUBLIC_IP_A

It's working: every host on LAN_A can reach LAN_B hosts and vice-versa.

But, on the hosts running StrongSWAN, I cannot reach the remote LAN EXCEPT if I specify the source address of the LAN.

host_A# ping 192.168.6.1 (no answer)
host_A# ping -S 192.168.1.254 192.168.6.1 (works)

That seems logical to me, because by default packets sent to the remote LAN are using the route LAN_B gateway IP_PUBLIC_A, so the kernel is using IP_PUBLIC_A as source (checked with tcpdump).

What do I need to set up to be able to reach the remote LAN from each peer without specifying the source IP address?

Thanks for your help

--
Clement
SimpleRezo
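
The behaviour described in the message, as an added example that is not part of the original post: a small model of how a policy-based IPsec tunnel decides, per packet, whether to encapsulate. It assumes the tunnel's traffic selectors are exactly LAN_A and LAN_B from the message; the value used for PUBLIC_IP_A is a constructed placeholder, and `Policy`, `classify` and `usable_sources` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    src: ipaddress.IPv4Network   # local traffic selector
    dst: ipaddress.IPv4Network   # remote traffic selector
    action: str                  # "protect" = encapsulate in the tunnel


# Assumption: outbound policy on HOST_A covers only LAN_A -> LAN_B.
SPD_HOST_A = [
    Policy(ipaddress.ip_network("192.168.1.0/24"),
           ipaddress.ip_network("192.168.6.0/24"), "protect"),
]

PUBLIC_IP_A = "203.0.113.10"     # constructed placeholder (documentation range)
LAN_IP_A = "192.168.1.254"       # HOST_A's LAN address, from the ping -S line


def classify(spd, src, dst):
    """Return the action of the first policy matching BOTH source and destination."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for policy in spd:
        if s in policy.src and d in policy.dst:
            return policy.action
    return "none"                # no policy matched: packet is sent outside the tunnel


def usable_sources(spd, local_addrs, dst):
    """List the host's own addresses that would be tunnelled when talking to dst."""
    return [a for a in local_addrs if classify(spd, a, dst) == "protect"]


if __name__ == "__main__":
    for src in (PUBLIC_IP_A, LAN_IP_A):
        print(f"src={src:<15} dst=192.168.6.1 -> {classify(SPD_HOST_A, src, '192.168.6.1')}")
    print("tunnelled sources:",
          usable_sources(SPD_HOST_A, [PUBLIC_IP_A, LAN_IP_A], "192.168.6.1"))
```

The destination alone never selects the tunnel: the source chosen by the kernel must also fall inside the local traffic selector, which is why only the `ping -S 192.168.1.254` case is protected.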