Greetings,
I have an issue with a VPN I'm building.

I need to access the subnet 10.0.1.0/24 from my local equipment (local IP range 10.0.100.0/24; Debian 10 server, IP forwarding enabled). I created a swanctl configuration:


connections {
    sample1 {
        local_addrs=1.1.1.1
        remote_addrs=2.2.2.2
        local {
            auth=psk
            id=1.1.1.1
        }
        remote {
            auth=psk
            id=2.2.2.2
        }
        dpd_delay=5
        version=2
        dpd_timeout=240
        rekey_time=180m
        proposals=aes256-sha2_512-prfsha512-ecp384
        children {
            sample1_sub {
                local_ts=10.0.1.0/24
                remote_ts=10.0.100.0/24
                esp_proposals=aes256-sha2_512-ecp384
                rekey_time=8h
                life_time=3h
                dpd_action=start
                start_action=start
                mode=tunnel
            }
        }
    }
}

secrets {
    sample1_psk {
        id-1=1.1.1.1
        id-2=2.2.2.2
        secret=thissiasecret
    }
}


The tunnel came up with no issue:

[E1]root@server1:/etc/swanctl$ swanctl -l
sample1: #2, ESTABLISHED, IKEv2, c7915dbccec5c781_i d851ade093b4f8b1_r*
  local  '1.1.1.1' @ 1.1.1.1[500]
  remote '2.2.2.2' @ 2.2.2.2[500]
  AES_CBC-256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_384
  established 5370s ago, rekeying in 5290s


The route to reach the target subnet is also added to table 220 when the tunnel comes up:

[E1]root@server1:/etc/swanctl$ ip route show table 220
10.0.1.0/24 via 1.1.1.1 dev eth0 proto static src 10.0.100.254



But whenever I try to use the tunnel (e.g. a traceroute to 10.0.1.0 with -s 10.0.100.254), my traffic goes out eth0 to the regular WAN and never gets encapsulated into the tunnel.

I looked into it, reading docs for a while, but I was not able to find the reason. Likely due to my lack of knowledge, I bet :/

Can anyone help me to understand what I missed?

Note: I did not add anything related to the firewall, as I first need to have traffic going into the tunnel. As long as it goes to the regular internet, it's pointless setting it up.

Thanks
Stephane
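A small checker added here as an example (it is not from the post above and not part of strongSwan). With a policy-based IPsec setup like this one, the kernel's XFRM policies are built from each child's local_ts/remote_ts, and a packet is only steered into the tunnel when its source matches local_ts and its destination matches remote_ts; the route in table 220 alone does not do that. The script parses the swanctl.conf syntax used in the post (explicit CIDR selectors only, which is an assumption of this example), reports which child would carry a given src -> dst flow, and runs two flow-independent sanity checks on child options: that dpd_action is one of the documented values (clear, trap, restart) and that life_time, the hard lifetime strongSwan defaults to 110% of rekey_time, is actually above rekey_time. The embedded configuration is the connections block from the post.

```python
"""swanctl.conf selector checker (added example; not the post's or strongSwan's code)."""
import ipaddress
import re

# Documented values for dpd_action in swanctl.conf.
VALID_DPD_ACTIONS = {"clear", "trap", "restart"}

# The connections block exactly as posted (traffic selectors included).
POSTED_CONF = """
connections {
    sample1 {
        local_addrs=1.1.1.1
        remote_addrs=2.2.2.2
        local {
            auth=psk
            id=1.1.1.1
        }
        remote {
            auth=psk
            id=2.2.2.2
        }
        dpd_delay=5
        version=2
        dpd_timeout=240
        rekey_time=180m
        proposals=aes256-sha2_512-prfsha512-ecp384
        children {
            sample1_sub {
                local_ts=10.0.1.0/24
                remote_ts=10.0.100.0/24
                esp_proposals=aes256-sha2_512-ecp384
                rekey_time=8h
                life_time=3h
                dpd_action=start
                start_action=start
                mode=tunnel
            }
        }
    }
}
"""


def parse_swanctl(text):
    """Parse the brace / key=value syntax of swanctl.conf into nested dicts."""
    root, stack = {}, []
    stack.append(root)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        if line.endswith("{"):
            section = {}
            stack[-1][line[:-1].strip()] = section
            stack.append(section)
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        else:
            raise ValueError(f"unparsed line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unbalanced braces")
    return root


def parse_duration(value):
    """Convert a swanctl duration (240, 180m, 8h, 1d) to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    if not m:
        raise ValueError(f"bad duration: {value!r}")
    return int(m.group(1)) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}[m.group(2)]


def parse_ts(value):
    """A selector may be a comma separated list of CIDRs or single addresses."""
    return [ipaddress.ip_network(ts.strip(), strict=False) for ts in value.split(",")]


def children_matching(conf, src, dst):
    """Return (connection, child) pairs whose selectors would carry src -> dst.

    This mirrors the XFRM policy match: src must be inside local_ts and dst
    inside remote_ts. Children without explicit selectors are rejected here,
    because this example does not resolve strongSwan's 'dynamic' default.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for conn_name, conn in conf.get("connections", {}).items():
        for child_name, child in conn.get("children", {}).items():
            if "local_ts" not in child or "remote_ts" not in child:
                raise ValueError(f"{child_name}: explicit local_ts/remote_ts required")
            if (any(src_ip in n for n in parse_ts(child["local_ts"]))
                    and any(dst_ip in n for n in parse_ts(child["remote_ts"]))):
                hits.append((conn_name, child_name))
    return hits


def lint_child(child):
    """Flow-independent sanity checks on a child section; returns findings."""
    findings = []
    action = child.get("dpd_action", "clear")
    if action not in VALID_DPD_ACTIONS:
        findings.append(f"dpd_action={action!r} is not one of {sorted(VALID_DPD_ACTIONS)}")
    if "rekey_time" in child and "life_time" in child:
        rekey, life = parse_duration(child["rekey_time"]), parse_duration(child["life_time"])
        if life <= rekey:
            findings.append(f"life_time ({life}s) is not above rekey_time ({rekey}s); "
                            "the hard lifetime is meant to be a fallback above the rekey time")
    return findings


if __name__ == "__main__":
    conf = parse_swanctl(POSTED_CONF)
    # The flow the post describes: source 10.0.100.254, destination in 10.0.1.0/24.
    print("children carrying 10.0.100.254 -> 10.0.1.1:", children_matching(conf, "10.0.100.254", "10.0.1.1"))
    print("children carrying 10.0.1.10 -> 10.0.100.254:", children_matching(conf, "10.0.1.10", "10.0.100.254"))
    for conn in conf["connections"].values():
        for name, child in conn["children"].items():
            for finding in lint_child(child):
                print(f"{name}: {finding}")
```

On a live host the same question is answered by `ip xfrm policy` (the installed selectors) and `ip route get <dst> from <src>` (the routing decision including table 220); the script only shows what the configuration text asks the kernel to install.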
