It seems that the issue is related to the fact that the tun0 interface does not have a default route, and therefore, it does not know how to forward packets to the VPN server.
To fix this, you can add a static route to the tun0 interface, pointing to the VPN server's IP address as the gateway for the 10.128.0.0/16 subnet. This will tell the interface to send all packets destined for that subnet to the VPN server.
Assuming that the VPN server has the IP address 10.128.0.1, you can add the following command to the /etc/strongswan.d/vtun.conf file:
leftfirewall=yes
leftsourceip=%config
leftsubnet=10.128.0.2/32
rightsubnet=10.128.0.0/16
And then add the following route to the tun0 interface after bringing it up:
sudo ip route add 10.128.0.0/16 via 10.128.0.1 dev tun0
This should enable data flow through the VPN connected to the tun0 interface. Keep in mind that changes to the routing table are not persistent across reboots, so you may want to add this command to a startup script or configure it in your router.
Also, note that you might want to adjust the configuration of the strongSwan charon to match your specific setup, such as the IKE version, encryption algorithms, and authentication mechanisms.
Lastly, you may want to check the logs of the strongSwan daemon to see if there are any error messages or warnings that might help you further diagnose the issue. You can do this by running the following command:
sudo journalctl -f -u charon.service
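One way to confirm that the route took effect and that traffic for 10.128.0.0/16 is not leaving through the default interface, as an added example that is not part of the original answer. The helper names `field_after` and `route_verdict`, the host 10.128.0.5 and the sample lines are assumptions made for illustration; the sample lines are constructed, not captured output.

```shell
#!/bin/sh
# Added example: confirm that traffic for 10.128.0.0/16 really leaves via tun0.
# field_after and route_verdict are hypothetical helper names.

# Print the token that follows keyword $1 ("dev", "via") in the line $2.
field_after() {
    printf '%s\n' "$2" |
        awk -v k="$1" '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# route_verdict <expected-dev> <expected-gateway> <line from `ip -o route get`>
# Returns 0 only if the kernel would send the packet out of the tunnel.
route_verdict() {
    dev=$(field_after dev "$3")
    gw=$(field_after via "$3")
    if [ "$dev" != "$1" ]; then
        echo "LEAK: egress via ${dev:-unknown}, expected $1"
        return 1
    fi
    # An on-link route has no "via"; only compare when a next hop is present.
    if [ -n "$gw" ] && [ "$gw" != "$2" ]; then
        echo "WRONG-GATEWAY: next hop $gw, expected $2"
        return 1
    fi
    echo "OK: egress via $dev"
}

# Constructed sample lines (not captured from a real host).
SAMPLE_OK='10.128.0.5 via 10.128.0.1 dev tun0 src 10.128.0.2 uid 0'
SAMPLE_LEAK='10.128.0.5 via 192.168.1.1 dev eth0 src 192.168.1.50 uid 0'

if [ "${1:-}" = "--live" ]; then
    # 10.128.0.5 is an assumed host inside the VPN subnet.
    route_verdict tun0 10.128.0.1 "$(ip -o route get 10.128.0.5)"
else
    route_verdict tun0 10.128.0.1 "$SAMPLE_OK" || true
    route_verdict tun0 10.128.0.1 "$SAMPLE_LEAK" || true
fi
```

Run with `--live` after the tunnel is up to query the kernel's actual routing decision; without arguments it only evaluates the two constructed lines.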