Hi Sridhar, Yes, remote currently acts as a road warrior. If there's any good solutions that require my network to have another topology - feel free to suggest your thoughts :) Note that a remote has the same IP address all the time and is always connected. I have a similar idea about a GRE tunnel. For example, make a GRE tunnel within a dedicated network namespace and include the process to this namespace. However, maybe there's something more elegant? For example, using iptables to mark packets and make custom routes.
2016-06-26 21:04 GMT+03:00 pothuganti sridhar <[email protected]> : > Hi, > > I have one Q. Is your deployment is like Server <-> Road warrior Client? > OR normal site to site? > But as per your explanation, your remote looks like to be a road warrior > client. In this deployment, only the traffic destined to VIP of road > warrior client is encrypted and will be sent to the remote. If you want to > route your internet traffic through remote road warrior client, you need to > establish one more tunnel like GRE in the IPSec tunnel. You need to > encapsulate your IP traffic into the GRE and then into the IPSec tunnel. > This might be a probable option foe your case. > > Regards, > Sridhar > > On Sun, Jun 26, 2016 at 9:14 PM, Artyom Aleksyuk <[email protected]> > wrote: > >> Hello. >> I have an IPsec server running strongSwan which allows several remote >> machines to access a local network (via FARP and DHCP plugins). >> Also I have a remote machine with an IPsec client (strongSwan too). >> I want to force one of the processes running on the IPsec server machine >> to route all it's traffic through the IPsec client. It's still allowed to >> access other machines in the LAN, but Internet traffic should go only >> through the client. >> How can I do this? A server runs Linux kernel version 3.10. >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users >> > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
