-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Zesen,
You need to include your public IP in the traffic selector. Doing that might be tricky, if you have a dynamic IP. The routes have nothing to do at all with what packets get tunneled. It's a policy based VPN, not a route based one. Mit freundlichen Grüßen/Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 12.01.2015 um 15:23 schrieb Zesen Qian: > Hello list, > I 'm configuring strongswan of 10.0.0.0/24 === 0.0.0.0/0, and do a > MASQUERADE on the other side. > By now clients in the LAN(10.0.0.80) can see its traffic being > tunnelled. Now my question is, is there any way to tunnel the traffic of > router itself? Yes, if I send a IP packet with src=10.0.0.1 then it will > be tunnelled, but consider a packet with src=22.22.22.22, which is the > public IP of my router, it won't be tunneled? > BTW, I noticed that StrongSwan will insert a route table with something > like: > # ip route list table 220 > default dev is0 proto static src 10.0.0.1 > 10.0.0.0/24 dev enp0s29f7u2u4 proto static src 10.0.0.1 > > The src field seems to be related to my question, but I was told that it > 's only a 'hint' to local bind() call, and won't have effect on packet > already with a src field. > > Any comments is appreciated. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJUtBamAAoJEDg5KY9j7GZY1XMP/RrYr6hDHvkN7UiZ3VIYw1ST 84yLE8kA2K62GK6eKts59wwCahEsoPQgPy3yqAElBfC3+M7v2VM+Gg/0l5eBmRph c3Znq15sj+Dqoy9Qbi4wDh7EjtSRz2rJpMxMRLxJbhv4Am6Wsd5cuvX1ln95jIeZ ZFwZPvE8t855FJ/hD9UeAcR4SI7XuMpPx/zLfbXGzunQvk/8xWsIJ5MLQgAXgTdB nuChTu4kQWP2hY4ernxXNBpzwBBXs8UIrHH9JmVRvLgQrhz/7+BrZmiSXShDvVw4 ViwVlgiUbtK5dJoCNjNhl079kjOFRn9bC1RLvhV6b8Ai8WGLDSNO884+dJGp6XzZ bTDb3drTjpQPrM6w1x7BV2++T5n1VMXiWHDv3brArsL0pjR0HzbUyxrS/igClEg6 /7mQvI6dD2GNwfZnj7wpXHw59fdSl22JS4KP6oxjS4C2tj3ii2wXAtod+6VavgUq DH+c//CotrbVjtnrYEZ4lJArrdkkXkP4Elz+gXT/tW74mrlwwx8MKh68Q77659Iv sRTBmia0D6rQhsDV+3dNT4hsOp4UXgQj5OmVHNz9EwYQ2+NrxDTekWsr+PBvoL02 Td6CM3HCnPsTkRrAOnqUu67g3mFuB3ddJne+Umqjilmd9labjpe/zHVgo2a/CRLv EKbHO/KWn4M6LBH6cHvI =Rabt -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
