
I am trying to connect my CentOS (CentOS release 6.7) server to a 3rd party VPN so traffic can be routed between my Apache instance listening on an aliased private IP (192.168.253.1), through the tunnel. My server's physical NIC is connected to the internet directly.

I have set up the NIC alias (ifcfg-eth1:0) and configured OpenSwan (Linux Openswan U2.6.32/K2.6.32-573.22.1.el6.x86_64 (netkey)) as best I can tell.

The tunnel appears to be coming up; however, no packets are being routed via the tunnel from either side.

The research I have found on the topic says I need to use iptables POSTROUTING rules for the traffic destined to their private subnet (196.34.X.X/24) to be routed via the tunnel (by rewriting the IP source address to the alias IP 192.168.253.1 instead of the machine's default public IP). However, because this newer version of OpenSwan appears to use "ip xfrm", the iptables POSTROUTING rules I tried appear to be ignored (as checked by looking for the traffic with tcpdump).

An overview of the network configuration I am attempting to setup:

--- <196.25.X.X (Their GW)> < < ==== IPSEC VPN TUNNEL ==== > > <41.X.X.X (My GW)>

So my primary question is: can this be done, i.e. an IPsec site-to-site (alias) setup, where the alias subnet is on the GW machine itself?

Secondly, if it is possible, how can I get the packets routed down the tunnel? (I believe by using "ip xfrm" or my Openswan config, but from the documentation I have read I cannot see how.)

1 Answer


The issue was caused by incorrect OpenSWAN configuration; it was resolved by following this guide (the other site is using M0n0wall):

http://spb.sdf.org/monowall_openswan.html

To confirm, Openswan can be configured to route, as the private network, on a site-to-site setup to an aliased NIC.
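For reference, the shape such a configuration takes on the NETKEY stack, as an added illustrative fragment that is not the poster's config or the linked guide: the aliased address is declared as a /32 `leftsubnet`, and `leftsourceip` makes Openswan install the route to the remote subnet with that address as the source, so outbound packets match the xfrm policy without any iptables SNAT. All addresses, the connection name and the PSK file are assumed placeholders; IKE/ESP proposals are left at defaults and must match the peer.

```ini
# /etc/ipsec.conf fragment -- illustrative example, addresses are placeholders
config setup
    protostack=netkey
    interfaces=%defaultroute

conn alias-to-remote
    type=tunnel
    authby=secret
    # My gateway: public IP on eth1 (placeholder for 41.X.X.X)
    left=41.0.0.1
    # The aliased IP on eth1:0 is the only "network" behind my gateway,
    # so it is declared as a /32 rather than a real LAN prefix
    leftsubnet=192.168.253.1/32
    # Have the _updown script add the route to rightsubnet with
    # "src 192.168.253.1", so locally generated traffic uses the alias
    # as its source and matches the out policy (no POSTROUTING SNAT needed)
    leftsourceip=192.168.253.1
    # Their gateway (placeholder for 196.25.X.X) and the subnet behind it
    # (placeholder for 196.34.X.X/24)
    right=196.25.0.1
    rightsubnet=196.34.0.0/24
    auto=start
```

After `ipsec restart`, `ip xfrm policy` should list an `out` policy with `src 192.168.253.1/32 dst 196.34.0.0/24`, and `ip route get 196.34.0.5` should report `src 192.168.253.1`; if the route still reports the public address, locally originated packets never match the policy and leave in the clear, which is what tcpdump on the physical NIC would show.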
