
On my Linux box, I got a tun0 device via ipip, like:

tun0      Link encap:IPIP Tunnel  HWaddr   
          inet addr:10.10.10.2  P-t-P:10.10.10.1  Mask:255.255.255.255

and I am running an IPsec VPN server (ipsec-tools) on this box. How can I route all VPN traffic through the dev tun0 on the server (like Openswan's leftnexthop)?

My VPN client got an IP address like 10.9.0.1.

timy
  • You have two issues there. First, you need a simple route and then you have to set the policies. You have to configure the policies of ipsec-tools to allow the traffic between the networks. I don't remember the syntax, I haven't used ipsec-tools for a while. – Diego Woitasen May 05 '12 at 13:07
  • I tried: spdadd 0.0.0.0/0 10.10.10.1 any -P out ipsec esp/transport//require; spdadd 10.10.10.1 0.0.0.0/0 any -P in ipsec esp/transport//require; but with no luck. – timy May 05 '12 at 15:21
  • And what about the routing? – Diego Woitasen May 07 '12 at 20:27
  • @diegows ip rule add from 10.9.0.0/24 lookup 3 ; ip route add default via 10.10.10.1 table 3 – timy May 08 '12 at 06:08

0 Answers