Site A:
- Device: CentOS Server
- eth0: public IP address
- eth1: 10.0.0.1/24 (dedicated vlan)
Site B:
- Device: Juniper SRX
- ge-0/0/0: public IP address
- ge-0/0/5: 192.168.1.1/24
I've configured a site-to-site VPN using strongSwan between two locations. I can access the 192.168.1.1/24 network from the 10.0.0.1 CentOS server without any problem, but I've got other servers in this IP block, for example 10.0.0.2, 10.0.0.3 and 10.0.0.4. I've set up a route on these servers:
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.0.1
and I can see the traffic on 10.0.0.1 from, for example, 10.0.0.2, but it's not going via the VPN. It looks like the traffic goes from 10.0.0.2 via 10.0.0.1 and stops there for some reason.
In sysctl.conf I've enabled net.ipv4.ip_forward on both servers.
Strongswan conf:
conn srx
    ikelifetime=360m
    keylife=30m
    auto=start
    keyexchange=ikev1
    authby=secret
    type=tunnel
    esp=esp-aes256-sha1-modp1024
    ike=aes256-sha1-modp1024
    left=[CentOS public IP address]
    leftsubnet=10.0.0.0/24
    right=[SRX public IP address]
    rightsubnet=192.168.1.0/24
In iptables I've allowed traffic between my CentOS server and the SRX (any, so nothing is blocking me).
In the route table (using the command route -n) I don't see any route to 192.168.1.0/24, but I can access this network fine from 10.0.0.1.
Do you know how I can fix this problem?
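The symptom above (the gateway itself reaches the remote subnet, hosts behind it do not) is exactly what you see when the installed IPsec policies select only the gateway address instead of the whole leftsubnet, so the first thing to compare is the conn's selectors against what `ip xfrm policy` actually shows. The following helper is an added example, not code from the question or from strongSwan; the public addresses 203.0.113.10 and 198.51.100.20 and the `ip xfrm policy` output it parses are constructed sample data.

```python
import ipaddress
import re

# Constructed input: the conn stanza from the question, reduced to its selectors.
CONN_SRX = """conn srx
    leftsubnet=10.0.0.0/24
    rightsubnet=192.168.1.0/24
"""

# Constructed samples of `ip xfrm policy` output on the CentOS gateway.
# XFRM_FULL is what the conn above should install; XFRM_NARROW is the shape
# seen when the negotiated selectors cover only the gateway's own address.
XFRM_FULL = """src 10.0.0.0/24 dst 192.168.1.0/24
\tdir out priority 375423
\ttmpl src 203.0.113.10 dst 198.51.100.20
\t\tproto esp reqid 1 mode tunnel
src 192.168.1.0/24 dst 10.0.0.0/24
\tdir in priority 375423
"""
XFRM_NARROW = XFRM_FULL.replace("src 10.0.0.0/24 dst", "src 10.0.0.1/32 dst")

def parse_conn(text):
    """Return the key=value settings of a strongSwan conn stanza as a dict."""
    return dict(re.findall(r"^\s*(\w+)=(\S+)", text, re.M))

def parse_xfrm_policies(text):
    """Collect (src_net, dst_net, direction) tuples from `ip xfrm policy` output."""
    policies, cur = [], None
    for line in text.splitlines():
        head = re.match(r"^src (\S+) dst (\S+)", line)
        if head:
            cur = [ipaddress.ip_network(head.group(1)), ipaddress.ip_network(head.group(2)), None]
            policies.append(cur)
            continue
        direction = re.search(r"\bdir (\w+)", line)
        if cur is not None and direction:
            cur[2] = direction.group(1)
    return [tuple(p) for p in policies]

def covered(policies, src_ip, dst_ip, direction="out"):
    """True if an installed policy in the given direction selects this flow."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in sn and d in dn and dr == direction for sn, dn, dr in policies)

def policies_match_conn(conn, policies):
    """True if an outbound policy's selectors equal the conn's left/right subnets."""
    want = (ipaddress.ip_network(conn["leftsubnet"]), ipaddress.ip_network(conn["rightsubnet"]))
    return any((sn, dn) == want and dr == "out" for sn, dn, dr in policies)
```

Run it against the real `ip xfrm policy` output on the gateway: if `covered()` is true for 10.0.0.1 but false for 10.0.0.2, the selectors (or the SRX side's proxy-IDs) are the problem, not forwarding.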