
I have created an IPsec tunnel on Ubuntu between two nodes successfully, and I can ping nodes in the other network successfully. My question is: how do I add a route to another node (not the VPN node) so that it can send traffic for a specific IP through the VPN to the external private network? Is this possible, or do I have to send all traffic to the VPN node?

This is created:

SiteA---------------SiteB
10.2.0.1 <==inet==> 10.3.0.1

From node in Site A, I can ping Site B and nodes in SiteB network.

ISSUE

Node A.1------ SiteA---------------SiteB
10.2.0.10 <=Lan=>10.2.0.1 <==inet==> 10.3.0.1 <==LAN ==> 10.3.0.2 

I cannot ping a node in Site B, or Site B itself, from Node A.1. From Site B, though, I can ping Node A.1.

I tried adding a static route on A.1: ip route add 10.3.0.2/32 via 10.2.0.1 dev eth1

but I get the error: RTNETLINK answers: Network is unreachable

Is it possible to route traffic for certain IPs through the IPsec tunnel?

1 Answer

You can't just add an additional route. The IPsec policies have to match too. That is, they have to include all the host addresses/subnets you want to reach.

You can control these so-called traffic selectors with left|rightsubnet in ipsec.conf or local|remote_ts in swanctl.conf.

ecdsa
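As an added illustration (not part of the answer above and not taken from the strongSwan project), here is a swanctl.conf fragment for the Site A gateway in which the child SA's traffic selectors cover the whole LAN on each side rather than only the two gateway addresses. The subnets 10.2.0.0/24 and 10.3.0.0/24, the public addresses and the identities are assumptions based on the diagram in the question.

```conf
# swanctl.conf on the Site A gateway (10.2.0.1) -- constructed example.
# Assumed: Site A LAN is 10.2.0.0/24, Site B LAN is 10.3.0.0/24.
# SITEA_PUBLIC_IP / SITEB_PUBLIC_IP are placeholders for the real endpoints.
connections {
    site-b {
        local_addrs  = SITEA_PUBLIC_IP
        remote_addrs = SITEB_PUBLIC_IP
        local {
            auth = psk
            id = sitea            # assumed identity
        }
        remote {
            auth = psk
            id = siteb            # assumed identity
        }
        children {
            lan-to-lan {
                # Traffic selectors: whole LANs on both sides, so a packet from
                # Node A.1 (10.2.0.10) to 10.3.0.2 matches the IPsec policy.
                # Equivalent ipsec.conf keys: leftsubnet=10.2.0.0/24,
                # rightsubnet=10.3.0.0/24.
                local_ts  = 10.2.0.0/24
                remote_ts = 10.3.0.0/24
                # Install a trap policy so the first matching packet brings
                # the child SA up instead of being silently dropped.
                start_action = trap
            }
        }
    }
}
# Site B's gateway needs the mirror image (local_ts/remote_ts swapped),
# or its policy will not match the return traffic to 10.2.0.10.
```

Node A.1 still needs an ordinary route for 10.3.0.0/24 via 10.2.0.1 out of whichever interface actually carries its 10.2.0.x address; the route and the policy have to agree, since the gateway only encrypts what the traffic selectors cover.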