Hi Andreas,

I couldn't get it to work. All hosts on subnet A is only Host A. But standard unix routing on Host A doesn't know about subnet B. If I tried to reach from Host A to Host C with subnet B address 169.254.2.10, it works fine. I think IPSec handles that part. If I tried to reach Host C with its subnet C address, ping fails with message from first gateway 169.254.1.1. This gateway simply doesn't know about 169.254.3.1.

On Host B, I can reach Host C with subnet C address since I can ping from Host B to 169.254.3.1. So I have a route from A to B, since I can ping from A to B (169.254.1.1 to 169.254.2.1). I also have a route from B to C, since I can ping from B to 169.254.3.1. But I cannot ping from A to C at address 169.254.3.1.

Thanks,
Terry

On Thu, Jun 21, 2012 at 12:06 AM, Andreas Steffen <[email protected]> wrote:
> Hi Terry,
>
> you have to define the following Traffic selectors:
>
> Host A
>
> conn a-b-c
>     leftsubnet=169.254.1.0/24
>     rightsubnet=169.254.2.0/23
>     ...
>
> Host B
>
> conn a-b-c
>     leftsubnet=169.254.2.0/23
>     rightsubnet=169.254.1.0/24
>     ...
>
> All hosts on subnet A must have 169.254.1.1 as their default gateway
> All hosts on subnet B must have 169.254.2.1 as their default gateway
> All hosts on subnet C must have 169.254.3.1 as their default gateway
>
> Host C must have a route to subnet A via host B
> Host B must have a route to subnet C via host C
>
> Regards
>
> Andreas
>
> On 21.06.2012 07:54, T Cheung wrote:
>> Hi,
>>
>> I am trying to configure a route to a subnet, but couldn't figure out how.
>>
>> Here is my setup:
>>
>> Host A on subnet A (169.254.1.0) with ip address 169.254.1.1.
>> Host B on subnet B (169.254.2.0) with ip address 169.254.2.1.
>> Strongswan is running on both Host A and B and have IPsec tunnel
>> between subnet A and subnet B.
>>
>> Host C is on subnet B with ip address 169.254.2.10. I can ping from
>> Host A to Host C.
>>
>> Host C is also on another subnet C (169.254.3.0) with ip address 169.254.3.1.
>> Host C would not have strongswan. And Host D is on same subnet C with
>> ip address 169.254.3.2.
>>
>> Is there a way to set up a route such that we can ping from Host A to
>> Host D? For example, to
>> install a route on host A that says to get to the 169.254.3.0 net by
>> going thru 169.254.2.10. Linux
>> routing does not know about 169.254.2.10.
>>
>> Thanks,
>> Terry
>
> ======================================================================
> Andreas Steffen [email protected]
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
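
An added example, not part of the thread and not strongSwan code: a Python check of which packets the traffic selectors quoted in the reply cover, and why 169.254.2.0/23 is the prefix that spans subnets B and C. The `BEFORE` selectors are an assumption based on the original description of a tunnel between subnet A and subnet B only; the function names are hypothetical.

```python
import ipaddress

# Constructed from the thread. BEFORE is an assumption (tunnel between subnet A
# and subnet B only); HOST_A and HOST_B are the selectors quoted in the reply.
BEFORE = "conn a-b\n    leftsubnet=169.254.1.0/24\n    rightsubnet=169.254.2.0/24"
HOST_A = "conn a-b-c\n    leftsubnet=169.254.1.0/24\n    rightsubnet=169.254.2.0/23"
HOST_B = "conn a-b-c\n    leftsubnet=169.254.2.0/23\n    rightsubnet=169.254.1.0/24"


def parse_conn(text):
    """Return (leftsubnet, rightsubnet) from an ipsec.conf-style conn body."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    # Strict parsing rejects a prefix with host bits set, e.g. 169.254.3.0/23.
    return (ipaddress.ip_network(opts["leftsubnet"]),
            ipaddress.ip_network(opts["rightsubnet"]))


def tunneled(conn, src, dst):
    """True if an outbound packet src -> dst matches the conn's selectors."""
    left, right = conn
    return (ipaddress.ip_address(src) in left
            and ipaddress.ip_address(dst) in right)


def covering_prefix(*subnets):
    """Collapse adjacent subnets into the fewest prefixes that cover them."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Subnets B and C merge into the single /23 used as rightsubnet on Host A.
    print(covering_prefix("169.254.2.0/24", "169.254.3.0/24"))
    for name, text in (("before", BEFORE), ("host A", HOST_A)):
        conn = parse_conn(text)
        for dst in ("169.254.2.10", "169.254.3.1", "169.254.3.2"):
            print(name, "169.254.1.1 ->", dst, tunneled(conn, "169.254.1.1", dst))
    # Replies from Host D leave Host B through the mirrored selectors.
    print("host B 169.254.3.2 -> 169.254.1.1",
          tunneled(parse_conn(HOST_B), "169.254.3.2", "169.254.1.1"))
```

A selector match only decides what the tunnel will carry; the routes on Host B and Host C listed in the reply are still needed for the packets to be forwarded.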
