> I want to be able to route one specific IP (say 192.168.0.100) address
> on local LAN A so that its gateway is gateway of remote LAN B (say
> 192.168.10.1). LAN A and B are connected through a site-to-site VPN
> using strongswan:
If I understand correctly, you have an IPsec gateway on each network, and connect these together using that site-to-site tunnel, but that specific IP 192.168.0.100 is not directly doing IPsec?

What you need is to have the correct routes installed on your non-IPsec hosts. 192.168.0.100 needs a default route over the IPsec gateway, so that it can forward your traffic. For it to be able to do so, you'll need a tunnel for that traffic: leftsubnet=192.168.0.100/32 and rightsubnet=0.0.0.0/0.

For the reverse path, you'll have to tell the default gateway on LAN B where to route traffic to destination 192.168.0.100, which is the IPsec gateway on your LAN B (it should know that if your IPsec gateway is your default gateway).

As a general rule, you just have to make sure to negotiate the correct traffic selectors for traffic that you want to forward by your IPsec gateways. Everything else is more or less just plain IP routing.

Regards
Martin
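
The traffic selectors from the reply above, written out as a matching pair of ipsec.conf connections. This is an added example, not part of the original message: the connection name and the angle-bracket gateway addresses are placeholders, and authentication settings are assumed to be the same as on the existing site-to-site connection.

```conf
# Added example (not from the original thread). ipsec.conf syntax.
# <gateway-A-address> / <gateway-B-address> are placeholders for the
# two IPsec gateways; authentication options are omitted and assumed
# to match the existing site-to-site conn.

# --- On the IPsec gateway of LAN A ---
conn host100-via-lan-b
    left=<gateway-A-address>
    leftsubnet=192.168.0.100/32     # only traffic from this one host
    right=<gateway-B-address>
    rightsubnet=0.0.0.0/0           # to any destination
    auto=start

# --- On the IPsec gateway of LAN B (selectors mirrored) ---
conn host100-via-lan-b
    left=<gateway-B-address>
    leftsubnet=0.0.0.0/0
    right=<gateway-A-address>
    rightsubnet=192.168.0.100/32
    auto=start

# Plain IP routing that has to exist outside of strongSwan:
#  - 192.168.0.100 uses the LAN A IPsec gateway as its default route.
#  - The LAN B default gateway (192.168.10.1) has a route for
#    192.168.0.100 pointing at the LAN B IPsec gateway, unless the
#    IPsec gateway already is the default gateway.
```

Both ends must propose the same selector pair, otherwise the negotiated CHILD_SA is narrowed or rejected; `ipsec statusall` on either gateway shows the selectors that were actually installed.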
