VPN
ettaluni, 2021-03-11 15:54:49

StrongSwan forwarding local networks of clients, VPS as a router?

Good day! There is a VPN built on a VPS and StrongSwan. The VPS is needed because one client has a grey IP (no public address).
The clients are located on virtual machines in the 192.168.10.x and 192.168.20.x subnets, connect to the VPS, receive addresses from it, routes are configured, etc. The VPN comes up, the clients 10.1.22.1 and 10.1.22.2 see each other, and everyone seems happy except me))
I need access to the local networks of each client, i.e. to the 192.168.10.x and 192.168.20.x networks.
I was able to configure the clients to send traffic destined for 192.168.10.x/20.x into the tunnel, but the VPS server is being dumb.
In a traceroute to 192.168.10.x/20.x I see that the packet reaches the VPS (local IP 172.26.13.11) and then flies off to the Internet (probably to the default gateway).
I started torturing the server: I tried defining a separate conn, setting left/right subnets to 192.168.10.x/20.x, alternately 10.1.22.1-2 and 192.168.10.x/20.x, to no avail. It still goes out to the Internet.
I tried adding policies:

# Attempt 1: templates use the public (outer) addresses of the VPS and client 1
ip xfrm policy add src 0.0.0.0/0 dst 192.168.10.0/24 dir out tmpl src 172.26.13.11 dst <Public IP of Client 1> proto esp reqid "2" mode tunnel
ip xfrm policy add src 192.168.10.0/24 dst 0.0.0.0/0 dir in tmpl src <Public IP of Client 1> dst 172.26.13.11 proto esp reqid "2" mode tunnel
ip xfrm policy add src 192.168.10.0/24 dst 0.0.0.0/0 dir fwd tmpl src <Public IP of Client 1> dst 172.26.13.11 proto esp reqid "2" mode tunnel

Or
# Attempt 2: templates use client 1's tunnel (inner) address 10.1.22.1 as the peer
ip xfrm policy add src 0.0.0.0/0 dst 192.168.10.0/24 dir out tmpl src 172.26.13.11 dst 10.1.22.1 proto esp reqid "2" mode tunnel
ip xfrm policy add src 192.168.10.0/24 dst 0.0.0.0/0 dir in tmpl src 10.1.22.1 dst 172.26.13.11 proto esp reqid "2" mode tunnel
ip xfrm policy add src 192.168.10.0/24 dst 0.0.0.0/0 dir fwd tmpl src 10.1.22.1 dst 172.26.13.11 proto esp reqid "2" mode tunnel

After that, traceroute to 192.168.10.x/20.x went silent altogether; it doesn't get past the local IP 172.26.13.11.
Can you tell me what to configure on the VPS so that packets destined for 192.168.10.x/20.x go to the corresponding clients?
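Added illustration (not part of the question, and not an answer posted on this page): the shape of a hub configuration in swanctl.conf syntax that makes charon install, by itself, the out/fwd/in policies the post is trying to add with ip xfrm by hand. The addresses are the ones from the post; the identities (vps.example.org, client1.example.org, client2.example.org), certificate file names, pool name and ESP proposal are assumed. The relevant point is the remote_ts line: the VPS forwarding 192.168.10.x packets to its default gateway is what the kernel does when no xfrm "out" policy covers the destination, which is the case when the CHILD_SA's remote traffic selector contains only the client's 10.1.22.x tunnel address and not its LAN.

```conf
# /etc/swanctl/swanctl.conf on the VPS (hub). Assumed: IKEv2, certificate
# authentication, host names *.example.org, a pool that hands out the
# 10.1.22.x tunnel addresses mentioned in the post.
connections {
    client1 {
        version      = 2
        local_addrs  = 172.26.13.11
        remote_addrs = %any          # client 1 has no public IP, so it initiates
        pools        = tunnel-pool   # assigns the 10.1.22.x virtual IP
        local {
            auth  = pubkey
            certs = vps.pem          # assumed file name
            id    = vps.example.org  # assumed identity
        }
        remote {
            auth = pubkey
            id   = client1.example.org
        }
        children {
            site1 {
                # "dynamic" is replaced by the virtual IP from the pool.
                # Listing the client's LAN next to it is what makes charon
                # install out/fwd/in policies for 192.168.10.0/24; without
                # it only 10.1.22.1/32 is covered and LAN traffic is routed
                # normally (i.e. to the default gateway).
                remote_ts = dynamic,192.168.10.0/24
                # The hub offers everything as its local side; the client
                # narrows this to what it actually wants to reach. Packets
                # forwarded from client 2's LAN therefore match this child.
                local_ts  = 0.0.0.0/0
                esp_proposals = aes256gcm16-x25519   # assumed
            }
        }
    }
    client2 {
        version      = 2
        local_addrs  = 172.26.13.11
        remote_addrs = %any
        pools        = tunnel-pool
        local {
            auth  = pubkey
            certs = vps.pem
            id    = vps.example.org
        }
        remote {
            auth = pubkey
            id   = client2.example.org
        }
        children {
            site2 {
                # Distinct from site1's selectors, so the two children do not
                # produce duplicate policies in the kernel.
                remote_ts = dynamic,192.168.20.0/24
                local_ts  = 0.0.0.0/0
                esp_proposals = aes256gcm16-x25519
            }
        }
    }
}

pools {
    tunnel-pool {
        addrs = 10.1.22.0/24
    }
}
```

The mirror image on each client is local_ts = dynamic,192.168.10.0/24 (its own LAN) and a remote_ts covering the other LAN, with vips = 0.0.0.0 to request the pool address. The VPS additionally needs net.ipv4.ip_forward=1, since a packet from 192.168.10.x to 192.168.20.x is decapsulated on one CHILD_SA, forwarded, and encapsulated on the other. To verify, swanctl --list-sas shows the traffic selectors that were actually negotiated (the LAN must appear there, not only the /32), and ip xfrm policy shows the policies charon installed. Hand-added ip xfrm policy rules should not be kept alongside charon's: a policy whose template has no matching SA makes the kernel drop every packet it matches, which is consistent with the traceroute going silent after the manual policies were added.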
