Hi,

For reachability testing purposes I would like to mimic inner tunnel traffic 
toward resources beyond the terminating GW.
I read that I might be able to achieve that by setting some routing rules 
(table 220?).

When I establish an IPsec tunnel, on the GW I see the following (my VIP pool is 
192.168.50.1 to .60, I believe):

192.168.50.9 via 192.168.1.164 dev eth1 table 220 proto static 

eth1 is the side toward the initiator, eth0 is where the inner traffic usually 
flows to (behind the GW).

1. Do you think that I should create a virtual interface on top of eth0, then 
send the traffic from it? Or is there a way to set up routing rules to allow 
this? Obviously I would like to be able to get the responses back.
2. How does the GW today know how to route traffic coming from the tunnel into 
eth0?

Here is the rest of the table:

ip route show table all
default via 192.168.60.2 dev eth0 table 102 
192.168.60.0/24 dev eth0 table 102 scope link 
default via 192.168.1.1 dev eth1 table 103 
192.168.1.0/24 dev eth1 table 103 scope link 
192.168.50.9 via 192.168.1.164 dev eth1 table 220 proto static 
default via 192.168.60.2 dev eth0 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.1.0/24 dev eth1 scope link metric 6 
192.168.60.0/24 dev eth0 scope link metric 3 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 172.17.0.0 dev docker0 table local proto kernel scope link src 172.17.0.1 
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1 
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1 
broadcast 192.168.1.0 dev eth1 table local proto kernel scope link src 192.168.1.237 
local 192.168.1.237 dev eth1 table local proto kernel scope host src 192.168.1.237 
broadcast 192.168.1.255 dev eth1 table local proto kernel scope link src 192.168.1.237 
broadcast 192.168.60.0 dev eth0 table local proto kernel scope link src 192.168.60.201 
local 192.168.60.201 dev eth0 table local proto kernel scope host src 192.168.60.201 
broadcast 192.168.60.255 dev eth0 table local proto kernel scope link src 192.168.60.201 
broadcast 192.168.122.0 dev virbr0 table local proto kernel scope link src 192.168.122.1 
local 192.168.122.1 dev virbr0 table local proto kernel scope host src 192.168.122.1 
broadcast 192.168.122.255 dev virbr0 table local proto kernel scope link src 192.168.122.1 


Thanks!
