Issue #1552
Access from server network to Client vip
Description
Hello.
I have the following structure:
1) strongSwan server IP 10.27.230.12
2) Windows 7 Client virtual IP 10.20.30.1 (provided by server)
3) Windows Terminal Server IP 10.27.230.10
I need to access 10.20.30.1 from 10.27.230.10 when the tunnel is enabled.
Now I added a route on 10.27.230.10 (route add 10.20.30.0 mask 255.255.255.0 10.27.230.12)
Can you help me?
My ipsec.conf:
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    rightdns=10.27.230.10,10.27.230.5
    rightsourceip=10.20.30.0/24
    rekey=no

conn rw-eap
    left=%any
    leftsubnet=10.27.230.0/24,10.27.227.10
    leftid=%any
    leftcert=HostCert.der
    leftauth=pubkey
    leftfirewall=yes
    rightid=%any
    rightauth=eap-radius
    rightsubnet=10.20.30.0/24
    eap_identity=%any
    rightsendcert=never
    right=%any
    auto=add
Related issues
History
#1 Updated by Tobias Brunner about 9 years ago
- Related to Issue #1548: Cannot connect added
#2 Updated by Vitaliy Girenko about 9 years ago
Hello Tobias.
I did everything that is described in the article, but I still cannot ping host 10.20.30.1 from 10.27.230.10. But I can ping it from 10.27.230.12.
#3 Updated by Tobias Brunner about 9 years ago
- Status changed from New to Feedback
> I did everything that is described in the article, but I still cannot ping host 10.20.30.1 from 10.27.230.10. But I can ping it from 10.27.230.12.
So find out why that is. Follow the packets that are sent between the hosts (e.g. by using tcpdump/Wireshark) and assess where they are dropped or sent to the wrong host. It could also be an MSS issue (again refer to ForwardingAndSplitTunneling).
#4 Updated by Noel Kuntze over 8 years ago
- Category set to configuration
- Status changed from Feedback to Closed
- Resolution set to No feedback