You probably didn't disable the installation of routes by charon.

On 11.09.2017 20:01, Cao, Jean wrote:
> I am setting up Route Based VPN. The setup is as this:
>
> Host-A --- Gateway-A --- Router --- Gateway-B --- Host-B
>
> I have strongswan set up on Gateway-A and Gateway B. Without creating Route
> Based VPN, the
>
> We have created VTI on both gateways. We could ping between host. However,
> we do notice that at the gateway, the outgoing traffic is bypassing the vti
> interface. But incoming traffic from the remote gateway is received at the
> vti interface.
>
> For example, when ping from Host-A to Host-B, the ping request arrives at
> Gateway-A and is forwarded to Gateway B through Router. However, the ping
> request is not going through vti, instead, it is sent through physical
> interface in encrypted packets.
>
> At Gateway B, the physical interface sees the encrypted packets, and the vti
> interface sees clear packets of ping request. Similarly, the ping echo
> packets from Host-B bypass the vti at Gateway-B, and out through the physical
> interface as encrypted packets.
>
> At Gateway A, the ping echo packets are received at the vti successfully.
>
> I couldn't figure out what is the cause of this problem. Can anyone give me
> some hints?
>
> Thanks!
>
> Jean
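A check for the condition the reply points to, added here as an example and not taken from the thread: by default charon installs a route for each negotiated remote subnet into routing table 220, which is consulted before the main table, so the gateway's outgoing traffic follows that route instead of the one through the VTI. The interface names `vti0` and `eth0`, the addresses and the sample route line are constructed assumptions.

```shell
#!/bin/sh
# Added example. Reads `ip route show table 220` output on stdin and prints
# every route whose output device is NOT the given VTI. Table 220 is the
# routing table charon uses by default for the routes it installs.
bypass_routes() {
    vti="$1"
    awk -v vti="$vti" '
        {
            dev = ""
            # find the token that follows the "dev" keyword on this route line
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev != "" && dev != vti) print $1 " -> " dev
        }'
}

# Constructed sample: table 220 on Gateway-A after the tunnel came up with
# route installation still enabled (addresses are documentation values).
sample_table_220() {
    cat <<'EOF'
10.2.0.0/24 via 192.0.2.1 dev eth0 proto static src 10.1.0.1
EOF
}

# Demo on the constructed sample; prints: 10.2.0.0/24 -> eth0
sample_table_220 | bypass_routes vti0

# On a live gateway:
#   ip route show table 220 | bypass_routes vti0
#
# Any line printed means a charon-installed route sends that subnet out of
# another interface. The fix the reply refers to, in strongswan.conf:
#   charon {
#       install_routes = no
#   }
# then restart the daemon and route the remote subnet through the VTI
# yourself, for example:
#   ip route add 10.2.0.0/24 dev vti0
```

An empty result together with a route for the remote subnet via the VTI in the main table is the state a route-based setup should be in.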
