Hi, in the roadwarrior configuration, from a conceptual point of view, why
doesn't table 220 change the source IP address of forwarded packets (say
the roadwarrior has a subnet behind it)?

# ip ro sho table 220
10.0.0.0/8 via 192.168.1.1 dev eth0  proto static  src 10.2.0.3

# ip rule show
0:      from all lookup local
220:    from all lookup 220
32766:  from all lookup main
32767:  from all lookup default

The roadwarrior has a separate subnet 192.168.2.0/24 and is forwarding/NAT'ing
packets. When I ping a host on the central site LAN:

- OUTPUT chain sees the source IP address as 10.2.0.3 (table 220 is
working!)
- FORWARD chain sees the source IP address as 192.168.2.X (host cannot be
reached until these packets are SNAT'ed to 10.2.0.3)

-- 
Richard Chan
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
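
The behaviour described in the message above, as an added example that is not part of the original post or of strongSwan: a small Python model of why a route's `src` attribute affects only locally generated packets whose source is still unset, while forwarded packets keep their source until a NAT rule rewrites it. The main-table default route, the address 192.168.1.50, the host addresses and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    prefsrc: Optional[str] = None   # the "src" attribute shown by "ip route"

# Table 220 mirrors the post; the main-table default route is an assumption.
TABLES = {
    "220": [Route(ipaddress.ip_network("10.0.0.0/8"), "eth0", "10.2.0.3")],
    "main": [Route(ipaddress.ip_network("0.0.0.0/0"), "eth0", "192.168.1.50")],
}
RULES = ["220", "main"]   # lookup order from "ip rule show" (local/default omitted)

def lookup(dst: str) -> Route:
    """Walk the policy rules in order; longest prefix wins inside a table."""
    addr = ipaddress.ip_address(dst)
    for table in RULES:
        hits = [r for r in TABLES[table] if addr in r.prefix]
        if hits:
            return max(hits, key=lambda r: r.prefix.prefixlen)
    raise LookupError("no route to " + dst)

def local_output(dst: str, bound_src: Optional[str] = None):
    """Locally generated packet: the route's src is only a source *preference*,
    used when the socket has not already bound a source address."""
    route = lookup(dst)
    return (bound_src or route.prefsrc, dst)

def forward(src: str, dst: str):
    """Forwarded packet: the source was set by the originating host.
    Routing selects the next hop and device; it never rewrites the header."""
    lookup(dst)
    return (src, dst)

def snat(packet, match_net: str, to_source: str):
    """Model of a POSTROUTING SNAT rule: the step that does rewrite the source."""
    src, dst = packet
    if ipaddress.ip_address(src) in ipaddress.ip_network(match_net):
        return (to_source, dst)
    return packet

if __name__ == "__main__":
    print("OUTPUT :", local_output("10.1.0.10"))
    print("FORWARD:", forward("192.168.2.7", "10.1.0.10"))
    print("SNAT   :", snat(forward("192.168.2.7", "10.1.0.10"),
                           "192.168.2.0/24", "10.2.0.3"))
```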
