This route should be inserted in route table 220

Sent from my iPhone

> On May 30, 2015, at 14:00, Alan Tu <[email protected]> wrote:
>
> Hmmm, I don't think this worked. The pre- and post-VPN routing tables
> are actually identical:
>
> $ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         172.31.48.1     0.0.0.0         UG    0      0        0 eth0
> 172.31.48.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0
>
> I then added a new route:
> # route add -net 172.31.48.0 netmask 255.255.240.0 gw 172.31.48.1 dev eth0
>
> New routing table:
> $ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         172.31.48.1     0.0.0.0         UG    0      0        0 eth0
> 172.31.48.0     172.31.48.1     255.255.240.0   UG    0      0        0 eth0
> 172.31.48.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0
>
> I still couldn't SSH to 172.31.63.211 while the VPN tunnel is up.
>
> Alan
>
>
>> On 5/30/15, Zhuyj <[email protected]> wrote:
>> Check route, 0.0.0.0 is not good, a specific LAN is better
>>
>>
>> Sent from my iPhone
>>
>>> On May 30, 2015, at 7:58, Alan Tu <[email protected]> wrote:
>>>
>>> Hello, I'm using Strongswan 5.3.0 to successfully connect a Linux
>>> machine to a VPN over the Internet. However, after I bring up the VPN
>>> tunnel, my client Linux machine cannot talk to other machines on its
>>> own LAN, even though it can talk to machines everywhere else on the
>>> Internet, as well as to machines on the VPN. Can someone give me a
>>> hint as to the solution?
>>>
>>> My client machine has IP address 172.31.59.36. The eth0 network
>>> interface has netmask /20. The pre-VPN routing table:
>>>
>>> $ route
>>> Kernel IP routing table
>>> Destination     Gateway            Genmask         Flags Metric Ref    Use Iface
>>> default         gateway_hostname.  0.0.0.0         UG    0      0        0 eth0
>>> 172.31.48.0     *                  255.255.240.0   U     0      0        0 eth0
>>>
>>> Post-VPN routing table:
>>> $ route
>>> Kernel IP routing table
>>> Destination     Gateway            Genmask         Flags Metric Ref    Use Iface
>>> default         gateway_ip         0.0.0.0         UG    0      0        0 eth0
>>> 172.31.48.0     *                  255.255.240.0   U     0      0        0 eth0
>>>
>>> Here are some potentially relevant lines from my ipsec.conf file:
>>> conn vpn
>>>     type=tunnel
>>>     aggressive=yes
>>>     xauth=client
>>>     left=%any
>>>     leftid=keyid:...
>>>     leftsourceip=%modeconfig
>>>     right=[public IP of VPN gateway]
>>>     rightsubnet=0.0.0.0/0
>>>
>>> After the Strongswan VPN connection is brought up, and the virtual IP
>>> is inserted into eth0, I cannot access other machines in the
>>> 172.31.x.x range. The VPN virtual IP addresses are in the 10.0.0.0/8
>>> range, so there is no apparent conflict. I think my root problem is
>>> something related to routing, but I don't know how to fix it. Because
>>> routing to local servers on the LAN no longer works, non-VPN DNS
>>> doesn't work either, which creates secondary problems.
>>>
>>> I test strictly IP connectivity with ssh:
>>> $ ssh [email protected]
>>>
>>> If the VPN connection is up, this fails. If I bring down the
>>> connection ("ipsec down vpn"), SSH works.
>>>
>>> Can someone please help?
>>>
>>> Prior VPN solutions I've used set up a brand new interface, so I'm
>>> really stuck. I tried changing rightsubnet to 10.0.0.0/8 (the IP range
>>> of the VPN), but VPN connectivity fails altogether. Other ideas I have
>>> for a solution include inserting something into the routing table, or
>>> getting Strongswan to somehow create its own network interface, but
>>> I'm not sure. I'd appreciate some guidance towards a solution.
>>>
>>> Alan
>>> _______________________________________________
>>> Users mailing list
>>> [email protected]
>>> https://lists.strongswan.org/mailman/listinfo/users
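
An added illustration, not part of the thread and not strongSwan code: a small Python model of Linux policy routing that shows why `route -n` (main table only) looked unchanged while LAN traffic was being resolved in table 220, and what a LAN route placed in table 220 changes. The rule priorities, the shape of the table 220 default route and the virtual IP 10.0.0.5 are assumptions made for the model; it covers the route lookup only.

```python
import ipaddress

# Constructed model of the poster's host. Table 220 and its rule priority are
# strongSwan defaults; the virtual IP 10.0.0.5 is an assumed placeholder.
RULES = [(220, "220"), (32766, "main")]  # (priority, table), as in `ip rule`


def make_tables():
    """Routes as (prefix, gateway, dev, src) tuples, keyed by table name."""
    return {
        # The only table `route -n` prints, hence identical before/after.
        "main": [
            ("0.0.0.0/0", "172.31.48.1", "eth0", None),
            ("172.31.48.0/20", None, "eth0", None),
        ],
        # Assumed route installed for rightsubnet=0.0.0.0/0: everything is
        # sent with the virtual IP as source.
        "220": [
            ("0.0.0.0/0", "172.31.48.1", "eth0", "10.0.0.5"),
        ],
    }


def lookup(tables, dst):
    """Resolve dst like policy routing: first table with a match wins,
    longest prefix wins inside that table."""
    addr = ipaddress.ip_address(dst)
    for _prio, name in sorted(RULES):
        hits = [r for r in tables[name] if addr in ipaddress.ip_network(r[0])]
        if hits:
            best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return name, best
    return None, None


def add_lan_bypass(tables, lan="172.31.48.0/20", dev="eth0"):
    """Model of: ip route add 172.31.48.0/20 dev eth0 table 220"""
    tables["220"].append((lan, None, dev, None))


if __name__ == "__main__":
    t = make_tables()
    print("before:", lookup(t, "172.31.63.211"))  # table 220 default, src 10.0.0.5
    add_lan_bypass(t)
    print("after: ", lookup(t, "172.31.63.211"))  # table 220 LAN route, no VPN src
    print("other: ", lookup(t, "8.8.8.8"))        # still the VPN default route
```

On a real host, `ip rule` and `ip route show table 220` display the state this model approximates.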
