Hi, a normal net2net connection should do the trick:
http://www.strongswan.org/uml/testresults/ikev2/net2net-cert/

with

  left=3.3.3.123
  leftsubnet=3.3.3.0/22
  right=2.2.2.2
  rightsubnet=10.0.1.0/24

Just make sure that in the 10.0.1.0/24 network there is a route
to the 3.3.3.0/22 net via the [default] gateway 10.0.1.1 and
in the 3.3.3.0/22 network a route exists which directs traffic
for the 10.0.1.0/24 network to 3.3.3.123.

If gateway 2.2.2.2 is NAT-ing traffic from the 10.10.1.0/24 network
towards the Internet then you must exempt the traffic to be tunneled
from the NAT rule by inserting an IPsec policy rule into your firewall:

  iptables -t nat -A POSTROUTING -s 10.0.1.0/22 -o eth0 -m policy \
     --dir out --pol ipsec --proto esp -j ACCEPT
  iptables -t nat -A POSTROUTING -s 10.0.1.0/22 -o eth0 -j MASQUERADE

assuming the 2.2.2.2 is eth0.

Best regards

Andreas

On 06/06/2012 02:41 PM, Dr.Peer-Joachim Koch wrote:
> Hi,
>
> I'm trying to find out how to build something like a
> side2side connection using strongswan.
> We have an external host with a private subnet (10.0.1.0/24).
> This subnet should be visible from the gw host and all
> hosts within the subnet of gw host.
> Here is an overview
>
>
> external host
> 10.0.1.0/24 - 10.01.1 2.2.2.2
>
>
>
> gw host
> 3.3.3.0/22 - 3.3.3.123
>
>
>
> So how can I make the external network accessible
> from our network ?
> I did not find any example (or did not look at the right place ..).
> The host-host connection is working fine, but a ping into the external
> network does not reach the destination, but can be seen in the log of
> the external host. Therefore the routing (in both directions) seems to
> be the problem.
>
> Any help would be welcome!

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
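The net2net setup from the reply above, written out as `ipsec.conf` for both gateways. This is an added example, not part of the original thread and not copied from the strongSwan test suite; it assumes certificate authentication as in the linked net2net-cert scenario, and the certificate file names and the `leftid`/`rightid` values are placeholders.

```conf
# --- /etc/ipsec.conf on the gw host (3.3.3.123) ---
config setup

conn %default
    keyexchange=ikev2

conn net2net
    # local side: gw host and the network behind it
    left=3.3.3.123
    leftsubnet=3.3.3.0/22
    leftcert=gwCert.pem              # placeholder file name
    leftid=@gw.example.org           # placeholder, must match the certificate
    # remote side: external host and its private subnet
    right=2.2.2.2
    rightsubnet=10.0.1.0/24
    rightid=@external.example.org    # placeholder
    auto=add

# --- /etc/ipsec.conf on the external host (2.2.2.2) ---
# Same connection with left and right mirrored.
config setup

conn %default
    keyexchange=ikev2

conn net2net
    left=2.2.2.2
    leftsubnet=10.0.1.0/24
    leftcert=externalCert.pem        # placeholder file name
    leftid=@external.example.org     # placeholder
    right=3.3.3.123
    rightsubnet=3.3.3.0/22
    rightid=@gw.example.org          # placeholder
    auto=add

# The traffic selectors above only cover 3.3.3.0/22 <-> 10.0.1.0/24.
# Hosts in each subnet still need the routes described in the reply:
# 10.0.1.0/24 hosts reach 3.3.3.0/22 via 10.0.1.1, and 3.3.3.0/22
# hosts reach 10.0.1.0/24 via 3.3.3.123.
```

With `auto=add` the connection is only loaded; start it from either gateway with `ipsec up net2net` and check the installed subnets with `ipsec statusall`.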
