
IPSEC VPN site-to-site - No route to add

We have an IPsec tunnel with local subnet 10.2.226.0/24 and remote subnet 10.227.0.0/16.

The local_subnet was the NATted subnet of other subnets.

When the tunnel is up, there is no traffic to 10.227.0.0/16. In strongswan.log, we can see that the firewall doesn't want to add the route:

2023-03-17 15:18:04Z 28[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [ipsec0] skip route add since remote subnet is 10.227.0.0/16, src_ip 192.168.199.253
2023-03-17 15:18:04Z 28[APP] [COP-UPDOWN] (add_routes) no routes to add for TEST on interface ipsec0

And with route -n, we do not see the route:

XG135_XN03_SFOS 19.5.1 MR-1-Build278# route -n
0.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 Port8
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 LACP_SRV
10.0.2.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.3.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.4.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.5.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.6.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.8.0 0.0.0.0 255.255.255.0 U 0 0 0 LACP_SRV.7
10.0.9.0 0.0.0.0 255.255.255.0 U 0 0 0 LACP_SRV.9
10.0.100.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
109.7.27.240 0.0.0.0 255.255.255.248 U 0 0 0 Port2
172.16.1.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.2.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.4.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.7.0 0.0.0.0 255.255.255.0 U 0 0 0 Port3
172.16.8.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.9.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.200.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.204.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
192.168.33.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
192.168.101.0 0.0.0.0 255.255.255.0 U 0 0 0 Port7
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 Port4

If I use a non-NATted subnet, it works. Can you help us?


