Re: [strongSwan] Forcing all traffic from a specific user to use Strongswan

2018-05-29 Thread Gilles Printemps
Hi, I found my problem: "rp_filter" for the vti interface was not set to 2. Now, I can establish correctly the connection and any request done by "vpn" user is going through it. Currently, I still have a problem for keeping alive the connection... Indeed, after several minutes, no way to use anymor

Re: [strongSwan] Forcing all traffic from a specific user to use Strongswan

2018-05-28 Thread Gilles Printemps
Hi, After combining/executing the different scripts, I'm still not able to send something to the "vti" interface previously created. Indeed, despite the different rules added, "vti" interface is receiving nothing. Seems I made something wrong in my different routes... I will appreciate if someone c

Re: [strongSwan] Forcing all traffic from a specific user to use Strongswan

2018-05-25 Thread Phil Frost
To check your routing tables, you can use `ip route get SOME_IP_ADDRESS`. You can also inspect the routing tables with `ip route`. One non-obvious thing is strongswan may install an additional route table. You can see all the tables that exist with `ip rule`. The one strongswan makes is called sim

Re: [strongSwan] Forcing all traffic from a specific user to use Strongswan

2018-05-24 Thread Gilles Printemps
Some updates. I'm now able to create the vti interface and I have an address assigned to the vti. Result of "ifconfig": vti0 Link encap:IPIP Tunnel HWaddr inet addr:10.3.188.149 P-t-P:10.3.188.149 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MTU:1332 Metric:1

Re: [strongSwan] Forcing all traffic from a specific user to use Strongswan

2018-05-24 Thread Gilles Printemps
Hi Phil/All, Sorry for the mistake - bad copy/paste. Nevertheless, things are not better after fixing the path. Indeed, after restarting ipsec: - SSH connection is dropping - No way to resolve any web site. In the syslog, I've seen the following message: > ... charon: 00[CFG] loading ocsp sign

Re: [strongSwan] Forcing all traffic from a specific user to use Strongswan

2018-05-18 Thread Phil Frost
It looks like the leftupdown option is set to run some other script than the one you created. On Fri, May 18, 2018, 05:26 Gilles Printemps wrote: > Hi Phil, All > I tried to look for some details how to implement a route based VPN and > I've created the following configuration > > First, I've cr

Re: [strongSwan] Forcing all traffic from a specific user to use Strongswan

2018-05-18 Thread Gilles Printemps
Hi Phil, All, I tried to look for some details how to implement a route based VPN and I've created the following configuration. First, I've created the following script which will be called by the VPN at the start/end of the connection. As a test, I tried to route only 172.217.19.69 (it's one of the

Re: [strongSwan] Forcing all traffic from a specific user to use Strongswan

2018-05-17 Thread Phil Frost
One way to go would be configuring a route based VPN[1]. Then you can use all kinds of Linux routing tricks to get just that user's traffic over the VPN by directing it to the vti interface. For example you could launch that user's processes in a network namespace, or use the "owner" module of ipta