TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

After days of trying and searching the forums, I have the feeling I'm missing something critical. Is this setup even possible?

First of all, thanks for the quick feedback. However my VTI device doesn't get the IPs assigned?:

All firewalls accept all forwarding traffic as well.

Commands used to create the VTI for site A:

I added a second IP to the loopback interface to make sure the IP exists (172.16.1.1). However, I can see the echo request being sent to the correct VTI using tcpdump.

Currently I'm testing with another Debian machine instead of the RUT950. I'm getting Destination host unreachable when trying to ping 172.16.1.1 using the server.

However, I'm unable to get the virtual interfaces and IPs to work. Our remote router succeeds in establishing the connections. This works with our current IPsec/L2TP solution.

Currently the routing/firewalling on the server is handled by iproute and iptables. Due to other requirements we want to keep it that way; that's why we want to use virtual interfaces (server only). We use a 1-1 NAT (iptables NETMAP) rule to translate the ranges.

We're trying to connect to the LAN devices on these sites using a virtual IP range instead of the actual LAN range because these ranges are identical (being 192.168.0.0/24). We have a central VPN server running strongSwan 5.5.1 on Debian 9 and multiple sites connecting to this VPN server using a low-cost Teltonika RUT950 modem (also strongSwan). We have a working solution using transport mode tunnels (IPsec/L2TP tunnels), however our client insists on not using L2TP and using IPsec in tunnel mode instead. For some time now I've been trying to set up a very specific support network for one of our clients.