VPN
ettaluni, 2021-03-04 13:43:29

StrongSwan how to forward packets from client 1 subnet to client 2 subnet?

Good day! I opened the local network of VPN clients; now I don’t know how to forward packets from the local network of Client1 through the strongSwan tunnel to the local network of client 2.
That is, this route: 192.168.10.1 -> 10.1.1.1 -> StrongSwan Server -> 10.1.1.2 -> 192.168.20.1
Does anyone know how to do this?
My cool network:
[image: network diagram]


1 answer(s)
Maxim Grishin, 2021-03-04
@ettaluni

According to the results of the discussion, a rather large set of changes is included. First, you need to change the subnet settings in both tunnels: on server 10.0. additionally leftsubnet=192.168.20.0/24 for 10.1.1.1 and 10.0/24 for 10.1.1.2. The same setting should be on the client side, since they now have to push packets into the tunnel for non-local subnets, i.e. if leftsubnet=192.168.10.0/24, then rightsubnet must also contain 192.168.20.0/24, and mirrored for the second client.
Secondly, on each client, you need to add a route to the remote network through 10.0.1.1. The server, in theory, when raising connections, will add routes to their rightsubnets on its own. It's worth checking: ip route show table all should show the correct routes inside each tunnel in table 220 (by default, strongSwan adds VPN routes to it).
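
The mirrored-selector rule from the answer above, as an added example that is not part of the original thread: a Python check that follows a packet from the first client's LAN to the second through all four tunnel ends and reports which leftsubnet/rightsubnet does not list the needed network. The conn names and the sample selectors are assumptions constructed from the route in the question, not the asker's real configuration.

```python
import ipaddress

def parse_conns(text):
    """Parse conn sections of ipsec.conf-style text (also= and %default not resolved)."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split()[1], {})
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return conns

def covers(conn, keyword, lan):
    return any(lan.subnet_of(ipaddress.ip_network(s.strip()))
               for s in conn.get(keyword, "").split(",") if s.strip())

def check_path(src, dst, hops):
    """hops: (label, conn, keyword that must cover src, keyword that must cover dst)."""
    src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return [f"{label}: {kw} lacks {lan}"
            for label, conn, src_kw, dst_kw in hops
            for kw, lan in ((src_kw, src), (dst_kw, dst))
            if not covers(conn, kw, lan)]

# Constructed sample selectors built from the route in the question (not real files).
SERVER = parse_conns("""
conn client1
    leftsubnet=192.168.20.0/24   # the other client's LAN, offered to client 1
    rightsubnet=192.168.10.0/24
conn client2
    leftsubnet=192.168.10.0/24
    rightsubnet=192.168.20.0/24
""")
CLIENT1 = parse_conns("conn vpn\n leftsubnet=192.168.10.0/24\n rightsubnet=192.168.20.0/24")
CLIENT2 = parse_conns("conn vpn\n leftsubnet=192.168.20.0/24\n rightsubnet=192.168.10.0/24")
CLIENT2_UNMIRRORED = parse_conns("conn vpn\n leftsubnet=192.168.20.0/24\n rightsubnet=10.1.1.0/24")

def lan1_to_lan2(client2):
    """Sending ends match the packet left->right, receiving ends right->left."""
    return check_path("192.168.10.0/24", "192.168.20.0/24", [
        ("client1", CLIENT1["vpn"], "leftsubnet", "rightsubnet"),
        ("server/client1", SERVER["client1"], "rightsubnet", "leftsubnet"),
        ("server/client2", SERVER["client2"], "leftsubnet", "rightsubnet"),
        ("client2", client2["vpn"], "rightsubnet", "leftsubnet"),
    ])

print(lan1_to_lan2(CLIENT2_UNMIRRORED))
```

An empty list means every end of both tunnels accepts the packet; run the same check with source and destination swapped to cover the return direction.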
