LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page route particualar hosts through vpn tunnel openswan
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-25-2014, 01:44 AM   #1
Gil@LQ
Member
 
Registered: Apr 2010
Location: India /Hyderabad
Distribution: RedHat, CentOS
Posts: 273

Rep: Reputation: 1
route particualar hosts through vpn tunnel openswan

hi

i configured openswan between two ubuntus and working fine, now my requirement is i need to route few of my public ip traffic via vpn tunnel, i mean lets say my servers are

ubuntu 1 >> VPN OPENSWAN >> ubuntu 2

now if i ping x.x.x.x (my public ip) from ubuntu 1 it shouldn't go via public interface, it shoud go lik

>>>>> ubuntu 1 >>> vpn tunnel >> ubuntu 2 >>>> x.x.x.x

please help me , i added route on ubutnu 1

route add -host x.x.x.x dev eth0(vpn interface)

but not pinging, i ran tcpdump on ubuntu 2 but traffic not reaching, i also enabled masquerade and ip_forwarding on ubutu 2

please help me out.
 
Old 01-25-2014, 12:27 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,339

Rep: Reputation: Disabled
IPsec doesn't use tunnel interfaces, so you can't direct packets through an IPsec tunnel using entries in the routing table. The source and destination addresses must instead match an IPsec Phase 2 policy.

You have two options:
  1. Alter the IPsec policy in OpenSwan (on both sides) to include the IP addresses in question
  2. Set up interface-based tunneling by some other means (like GRE or IPIP) and simply encrypt the traffic between the endpoints with IPsec in Transport Mode.
The latter solution is probably by far the simplest, and it would mean that you could later change the traffic being tunneled/encrypted by simply manipulating the routing table; no changes to the IPsec setup would be required.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Adding NAT IP to Openswan VPN Tunnel on Amazon EC2 ckkoba Linux - Networking 3 11-27-2013 06:06 AM
Route Get_iPlayer through VPN Tunnel loveSpend Linux - Newbie 6 06-28-2013 10:36 AM
OpenVPN route issues, all traffic through VPN tunnel stuartornum Linux - Server 4 03-05-2007 03:07 AM
Openswan/Cisco PIX: NATting a VPN Tunnel SnotRocket Linux - Networking 1 01-28-2007 09:13 PM
Can I Route Specific Addresses Through an IPSec VPN Tunnel? strick1226 Linux - Networking 3 12-15-2005 08:30 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:00 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration