Hello Noel,

Thanks for the reply. Do you mean something like this?

left=22.22.22.22
leftsubnet=10.0.0.0/24, 22.22.22.22/32
right=33.33.33.33
rightsubnet=0.0.0.0/0

Will it also tunnel the traffic between 22.22.22.22 and 33.33.33.33? Is
that a deadloop? Since according to [1], any packet with src=22.22.22.22
and dst=any will be tunneled, and there is no way to "mark" a packet to
make it escape from the tunnel? Am I right?

[1] http://inai.de/images/nf-packet-flow.png

Noel Kuntze <[email protected]> writes:

> Hello Zesen,
>
> You need to include your public IP in the traffic selector.
> Doing that might be tricky, if you have a dynamic IP.
> The routes have nothing to do at all with what packets get tunneled.
> It's a policy based VPN, not a route based one.
>
> Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> On 12.01.2015 at 15:23, Zesen Qian wrote:
>> Hello list,
>> I'm configuring strongswan of 10.0.0.0/24 === 0.0.0.0/0, and do a
>> MASQUERADE on the other side.
>> By now clients in the LAN (10.0.0.80) can see their traffic being
>> tunnelled. Now my question is, is there any way to tunnel the traffic of
>> the router itself? Yes, if I send an IP packet with src=10.0.0.1 then it
>> will be tunnelled, but consider a packet with src=22.22.22.22, which is
>> the public IP of my router, it won't be tunneled?
>> BTW, I noticed that StrongSwan will insert a route table with something
>> like:
>> # ip route list table 220
>> default dev is0 proto static src 10.0.0.1
>> 10.0.0.0/24 dev enp0s29f7u2u4 proto static src 10.0.0.1
>>
>> The src field seems to be related to my question, but I was told that
>> it's only a 'hint' to the local bind() call, and won't have an effect on
>> a packet that already has a src field.
>>
>> Any comments are appreciated.
>>
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users

--
Zesen Qian (钱泽森)
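Added example, not part of the original messages and not strongSwan code: a small Python model of the traffic-selector matching discussed in this thread, comparing the original selectors with the proposed ones. It models only the selector match; how the kernel and strongSwan treat the peers' own IKE/ESP packets is not modeled. The function names, the left/right values of the original connection and the destination 198.51.100.7 are assumptions made for illustration.

```python
import ipaddress

def parse_conn(text):
    """Parse ipsec.conf-style key=value lines; subnet options become network lists."""
    conn = {}
    for line in text.strip().splitlines():
        key, _, value = line.strip().partition("=")
        if key in ("leftsubnet", "rightsubnet"):
            conn[key] = [ipaddress.ip_network(s.strip()) for s in value.split(",")]
        else:
            conn[key] = ipaddress.ip_address(value.strip())
    return conn

def matches_policy(conn, src, dst):
    """True if an outbound packet src->dst falls inside the left/right selectors."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (any(s in net for net in conn["leftsubnet"])
            and any(d in net for net in conn["rightsubnet"]))

# Reconstructed from "10.0.0.0/24 === 0.0.0.0/0" in the first message (assumption).
ORIGINAL = parse_conn("""
left=22.22.22.22
leftsubnet=10.0.0.0/24
right=33.33.33.33
rightsubnet=0.0.0.0/0
""")

# The selectors proposed in the reply.
PROPOSED = parse_conn("""
left=22.22.22.22
leftsubnet=10.0.0.0/24, 22.22.22.22/32
right=33.33.33.33
rightsubnet=0.0.0.0/0
""")

# Constructed sample packets (198.51.100.7 is a documentation address).
PACKETS = [
    ("10.0.0.80", "198.51.100.7"),    # LAN client
    ("10.0.0.1", "198.51.100.7"),     # router, LAN-side source address
    ("22.22.22.22", "198.51.100.7"),  # router, public source address
    ("22.22.22.22", "33.33.33.33"),   # router to the VPN peer itself
]

def compare():
    """Return (src, dst, matches_original, matches_proposed) for each sample packet."""
    return [(s, d, matches_policy(ORIGINAL, s, d), matches_policy(PROPOSED, s, d))
            for s, d in PACKETS]

if __name__ == "__main__":
    for src, dst, old, new in compare():
        print(f"{src:>12} -> {dst:<13} original={old!s:<5} proposed={new}")
```

The last sample packet shows that the proposed selectors, read literally, also cover traffic addressed to the peer 33.33.33.33, which is the case the question above asks about.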
