Hi René,

Please provide the output of `ipsec statusall` as well as `ip x p`.
Also, what are your firewall rules (iptables-save, nft list ruleset)?

Kind regards
Noel

On 10.10.22 15:44, Rene Maurer wrote:
> Hi
>
> I am using strongSwan U5.4.0/K4.4.107 (embedded device).
> The ipsec tunnel is established over a mobile network and it works fine.
>
> Additionally I have an Ethernet interface eth0 with the address
> 10.162.110.161. eth0 is connected to 10.162.110.165.
>
> I am looking for a way to access the devices connected to eth0 also
> locally and not only through the tunnel (connections
> 10.162.110.161 <=> 10.162.110.165 should work).
>
> Is that even possible? If so how?
>
> I have:
>
> ---------
> # ipsec status
> Security Associations (1 up, 0 connecting):
>     one[1]: ESTABLISHED 9 seconds ago, 10.162.225.65[****]...91.230.141.233[****]
>     one{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: cb51bd6c_i b9503f34_o
>     one{1}: 10.162.110.160/29 === 10.0.0.0/
>
> ---------
> # route -n
> Destination     Gateway   Genmask          Flags Metric Ref Use Iface
> 0.0.0.0         0.0.0.0   0.0.0.0          U     0      0   0   ppp0
> 10.162.110.160  0.0.0.0   255.255.255.248  U     100    0   0   eth0
>
> ---------
> ip route show table 220
> 10.0.0.0/8 via xxx.xxx.xxx.xxx dev ppp0 proto static src 10.162.110.161
>
> ----------
> # ipsec.conf:
> conn one
>     # we are left
>     left=10.162.225.65
>     leftid=*****
>     leftsubnet=10.162.110.160/29
>     leftcert=****.crt
>     leftsendcert=always
>     # XXX is right
>     right=xxx.xxx.xxx.xxx.
>     rightid=****
>     rightsubnet=10.0.0.0/8
>     auto=start
>
> ----------
>
> Regards
> René
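
Added example, not part of the thread: a simplified Python model of the selector matching implied by the posted leftsubnet/rightsubnet, showing that local eth0 traffic between 10.162.110.161 and 10.162.110.165 falls under the tunnel's policies because leftsubnet lies inside rightsubnet. The per-direction policy table and the function names are assumptions made for illustration; the policies actually installed are what `ip x p` prints.

```python
import ipaddress

# Traffic selectors taken from the ipsec.conf posted in the thread.
LEFTSUBNET = ipaddress.ip_network("10.162.110.160/29")
RIGHTSUBNET = ipaddress.ip_network("10.0.0.0/8")

# Assumed, simplified policy model for a tunnel with these selectors:
# outgoing packets are checked against left -> right,
# incoming packets against right -> left.
POLICIES = {
    "out": (LEFTSUBNET, RIGHTSUBNET),
    "in": (RIGHTSUBNET, LEFTSUBNET),
}


def selectors_overlap():
    """True when the local subnet lies completely inside the remote selector."""
    return LEFTSUBNET.subnet_of(RIGHTSUBNET)


def tunnel_policy_matches(direction, src, dst):
    """True when a packet src -> dst in this direction is covered by the tunnel policy."""
    policy_src, policy_dst = POLICIES[direction]
    return (ipaddress.ip_address(src) in policy_src
            and ipaddress.ip_address(dst) in policy_dst)


def report(flows):
    """Describe each (direction, src, dst) flow as tunnel-policy or plain traffic."""
    lines = []
    for direction, src, dst in flows:
        hit = tunnel_policy_matches(direction, src, dst)
        verdict = "matches tunnel policy" if hit else "no tunnel policy"
        lines.append(f"{direction:3} {src} -> {dst}: {verdict}")
    return lines


if __name__ == "__main__":
    print("leftsubnet inside rightsubnet:", selectors_overlap())
    # Constructed sample flows; 10.1.2.3 and 192.0.2.10 are made-up peers.
    sample = [
        ("out", "10.162.110.161", "10.162.110.165"),  # local eth0 traffic
        ("in", "10.162.110.165", "10.162.110.161"),   # reply from the local device
        ("out", "10.162.110.161", "10.1.2.3"),        # intended tunnel traffic
        ("out", "10.162.110.161", "192.0.2.10"),      # outside 10.0.0.0/8
    ]
    print("\n".join(report(sample)))
```
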