StrongSwan forwarding local networks of clients, VPS as a router?
Good day! There is a VPN network built on a VPS and StrongSwan. The VPS is needed because one client has a gray IP.
Clients are located on virtual machines in subnets 192.168.10-20, connect to the VPS, receive addresses from it, routes are set, etc. The VPN comes up, clients 10.1.22.1-2 see each other, and everyone seems happy except me))
I need access to the local networks of each client, that is, to networks 192.168.10-20.
I was able to configure the clients to send traffic destined for 192.168.10-20 into the tunnel, but the VPS server is being dumb.
When I traceroute to 192.168.10-20, I see that the packet reaches the VPS (local IP 172.26.13.11) and then flies off to the Internet (probably to the default gateway).
I started tormenting the server. What haven't I tried: registering a separate conn, setting left\right to 192.168.10-20, alternately 10.1.22.1-2 and 192.168.10-20, all to no avail. It still goes out to the Internet.
Tried to write policies:
ip xfrm policy add src 0.0.0.0/0 dst 192.168.10.0/24 dir out tmpl src 172.26.13.11 dst <Public IP of Client 1> proto esp reqid "2" mode tunnel
ip xfrm policy add src 192.168.10.0/24 dst 0.0.0.0/0 dir in tmpl src <Public IP of Client 1> dst 172.26.13.11 proto esp reqid "2" mode tunnel
ip xfrm policy add src 192.168.10.0/24 dst 0.0.0.0/0 dir fwd tmpl src <Public IP of Client 1> dst 172.26.13.11 proto esp reqid "2" mode tunnel
ip xfrm policy add src 0.0.0.0/0 dst 192.168.10.0/24 dir out tmpl src 172.26.13.11 dst 10.1.22.1 proto esp reqid "2" mode tunnel
ip xfrm policy add src 192.168.10.0/24 dst 0.0.0.0/0 dir in tmpl src 10.1.22.1 dst 172.26.13.11 proto esp reqid "2" mode tunnel
ip xfrm policy add src 192.168.10.0/24 dst 0.0.0.0/0 dir fwd tmpl src 10.1.22.1 dst 172.26.13.11 proto esp reqid "2" mode tunnel
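An added example, not part of the original post: on a policy-based IPsec gateway the kernel encrypts a forwarded packet only if an `out` policy selector matches it, otherwise the packet follows the main routing table, which is the default-gateway behaviour described above. The sketch below parses constructed `ip xfrm policy` output and reports which policy a given packet would hit; the public addresses, priorities, reqid 3 and the names `parse` and `verdict` are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
import re

# Constructed sample in the layout printed by `ip xfrm policy`; the public
# addresses and priorities are made up. Only the virtual IPs have policies.
SAMPLE = """\
src 0.0.0.0/0 dst 10.1.22.1/32
    dir out priority 383615
    tmpl src 172.26.13.11 dst 203.0.113.10
        proto esp reqid 2 mode tunnel
src 0.0.0.0/0 dst 10.1.22.2/32
    dir out priority 383615
    tmpl src 172.26.13.11 dst 198.51.100.20
        proto esp reqid 3 mode tunnel
src 10.1.22.2/32 dst 0.0.0.0/0
    dir fwd priority 383615
    tmpl src 198.51.100.20 dst 172.26.13.11
        proto esp reqid 3 mode tunnel
"""
# The same table plus an out policy for client 1's LAN (what the post tries to add).
WITH_LAN = SAMPLE + """\
src 0.0.0.0/0 dst 192.168.10.0/24
    dir out priority 383610
    tmpl src 172.26.13.11 dst 203.0.113.10
        proto esp reqid 2 mode tunnel
"""
HEAD = re.compile(r"^src (\S+) dst (\S+)")

def parse(text):
    """Turn `ip xfrm policy` text into dicts: selector, dir, priority, reqid."""
    policies = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:  # an unindented "src ... dst ..." line opens a new policy
            policies.append({"src": ip_network(m[1]), "dst": ip_network(m[2])})
        elif policies:  # indented lines carry "dir", "priority", "reqid"
            words = line.split()
            for key in ("dir", "priority", "reqid"):
                if key in words:
                    policies[-1][key] = words[words.index(key) + 1]
    return policies

def verdict(policies, src, dst, direction="out"):
    """Simplified kernel lookup: lowest priority value among matching selectors."""
    s, d = ip_address(src), ip_address(dst)
    hits = [p for p in policies if p.get("dir") == direction
            and s in p["src"] and d in p["dst"]]
    best = min(hits, key=lambda p: int(p["priority"]), default=None)
    return f"esp reqid {best['reqid']}" if best else "no policy"
```

On the live server, pass the real output of `ip xfrm policy` to `parse`; a "no policy" verdict in the `out` direction for a 192.168.10.x destination means the packet leaves unencrypted via the routing table.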