(Network diagram image)

I'm going to try this again. The network diagram shows my setup. I need to redirect traffic from X5 10.0.40.0/24 through the IKEv2 tunnel to the strongSwan server at 10.0.70.10. Then that traffic gets forwarded to the OpenVPN server tun0 10.8.0.14, which has an established connection with the VPN provider. The routes on the OpenVPN server after the VPN connection are as follows:

0.0.0.0/1 via 10.8.0.1 dev tun0 
default via 10.0.80.1 dev ens33 proto dhcp src 10.0.80.10 metric 100 
10.8.0.0/21 dev tun0 proto kernel scope link src 10.8.0.3 
128.0.0.0/1 via 10.8.0.1 dev tun0 
169.150.232.68 via 10.0.80.1 dev ens33 
10.0.80.0/24 dev ens33 proto kernel scope link src 10.0.80.10 metric 100 

The problem is that once the OpenVPN server establishes a connection with the provider, I can no longer ping the VM or get my IKEv2 traffic to it.


1 Answer

As confirmed in a comment to the question, the routes for 0.0.0.0/1 and 128.0.0.0/1 get added when OpenVPN is connected.

According to https://serverfault.com/q/1100250, the routes for 0.0.0.0/1 and 128.0.0.0/1 take precedence over the default route.

This means that starting the VPN is like replacing your default route with a route through the VPN tunnel.

In version 5 of your question you wrote: "I am running the ping command from 10.0.70.10 to 10.0.80.10." This means that the ping reply must go to 10.0.70.10. According to your routing table, the most specific route for this is 0.0.0.0/1, which will use tun0. Without this, the packet would take the default route. The VPN does not know that 10.0.70.10 is in your local network.

You probably need a specific route for 10.0.70.0/24 or a shorter prefix, e.g. 10.0.0.0/8. This route can be present even without the VPN connection.

(For more detailed proposals, I would need the configuration of all network interfaces of the StrongSwan server and the OpenVPN server.

A network diagram that actually shows the different networks and interfaces instead of the direct arrows between the systems might also help. See https://plantuml.com/nwdiag for examples.)

Bodo
  • 1,000
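The answer's argument is a longest-prefix-match argument: the kernel picks the most specific matching route, so a /1 beats the /0 default, and a /24 (or /8) for the local network beats both /1 routes. The following Python snippet is an added illustration and is not part of the question or of Bodo's answer. It models the routing table exactly as posted in the question (the `default` line is written as 0.0.0.0/0), performs the same longest-prefix lookup the kernel does (metrics are ignored because no two posted prefixes tie), and then shows how adding the proposed 10.0.70.0/24 or 10.0.0.0/8 route changes where a reply to 10.0.70.10 is sent. The two candidate local routes are the ones the answer suggests; the choice of 10.0.80.1 as their next hop is an assumption taken from the default route in the posted table.

```python
import ipaddress

# Routing table as posted in the question: (destination, next hop, device).
# "default" is written as 0.0.0.0/0; a next hop of None means on-link (proto kernel).
POSTED_ROUTES = [
    ("0.0.0.0/1", "10.8.0.1", "tun0"),
    ("0.0.0.0/0", "10.0.80.1", "ens33"),
    ("10.8.0.0/21", None, "tun0"),
    ("128.0.0.0/1", "10.8.0.1", "tun0"),
    ("169.150.232.68/32", "10.0.80.1", "ens33"),
    ("10.0.80.0/24", None, "ens33"),
]


def parse_routes(routes):
    """Turn the (dst, via, dev) strings into (ip_network, via, dev) tuples."""
    return [(ipaddress.ip_network(dst), via, dev) for dst, via, dev in routes]


def lookup(routes, destination):
    """Longest-prefix match over a parsed table, as the kernel's FIB lookup does.

    Returns (prefix, next_hop, device) of the most specific matching route.
    """
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        raise LookupError(f"no route to {destination}")
    best = max(candidates, key=lambda r: r[0].prefixlen)
    return str(best[0]), best[1], best[2]


def with_extra_route(routes, prefix, via, dev):
    """Return a new parsed table with one additional route appended."""
    return parse_routes(routes) + [(ipaddress.ip_network(prefix), via, dev)]


def halves_cover_everything():
    """Show that 0.0.0.0/1 plus 128.0.0.0/1 together equal 0.0.0.0/0.

    This is why the two OpenVPN routes behave like a replaced default route
    while still winning over the real default by prefix length.
    """
    halves = [ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")]
    return list(ipaddress.collapse_addresses(halves)) == [ipaddress.ip_network("0.0.0.0/0")]


if __name__ == "__main__":
    table = parse_routes(POSTED_ROUTES)
    print("/1 halves cover the whole address space:", halves_cover_everything())
    # The ping reply to the strongSwan server is pulled into the tunnel.
    print("reply to 10.0.70.10 with posted table :", lookup(table, "10.0.70.10"))
    # Either of the routes the answer proposes wins by being more specific.
    # Next hop 10.0.80.1 is assumed here (the gateway of the posted default route).
    fixed24 = with_extra_route(POSTED_ROUTES, "10.0.70.0/24", "10.0.80.1", "ens33")
    fixed8 = with_extra_route(POSTED_ROUTES, "10.0.0.0/8", "10.0.80.1", "ens33")
    print("reply to 10.0.70.10 with 10.0.70.0/24 :", lookup(fixed24, "10.0.70.10"))
    print("reply to 10.0.70.10 with 10.0.0.0/8   :", lookup(fixed8, "10.0.70.10"))
    # Unrelated traffic still goes through the tunnel, as intended.
    print("8.8.8.8   :", lookup(fixed24, "8.8.8.8"))
    print("200.1.1.1 :", lookup(fixed24, "200.1.1.1"))
```

Running the script shows that, with the posted table, 10.0.70.10 matches 0.0.0.0/1 and is sent out tun0, while after adding either proposed route it is sent to 10.0.80.1 on ens33; public destinations in both halves of the address space continue to use tun0. Note that a 10.0.0.0/8 route would also swallow 10.8.0.0/21 lookups for addresses outside that /21 on the provider side, which is one reason to prefer the narrower /24 if the provider assigns 10.x addresses.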