[Openswan Users] leftsubnet 0.0.0.0/0

James Taylor proxy06 at gmail.com
Thu Sep 1 05:05:14 EDT 2011


Hi guys,

I am trying to implement the following configuration:
000 "LS-NET-PSK":
0.0.0.0/0===92.33.127.197[+S=C]...92.33.127.193---%any[+S=C];
unrouted; eroute owner: #0

... which means that my VPN server (92.33.127.197) is configured to
accept connections from any client and that the left private subnet is
the whole Internet.
I want all client machines, once connected, to send all their traffic
through VPN server.

Configuration file looks as follows:
conn LS-NET-PSK
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        type=tunnel
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        right=%any
        rightnexthop=%defaultroute
        auto=add

Now I am configuring another server as a client to pass all the
traffic through the VPN server.
My second server has real Internet IP 64.33.90.5. It is not behind NAT.
Second server configuration file below:
conn LS-NET-PSK-CLIENT
        authby=secret
        pfs=no
        rekey=yes
        keyingtries=3
        type=tunnel
        left=%defaultroute
        right=92.33.127.197
        rightsubnet=0.0.0.0/0
        auto=add

Now if I establish the connection, my second server starts sending ESP
packets through the VPN server 92.33.127.197.
I can see it with tcpdump.

The problem is that the target server, which has the IP address
66.33.102.58, does not route the response through the VPN server
92.33.127.197.
Instead the target server tries to communicate directly with 64.33.90.5
over an unencrypted channel.

Can anybody please give me some advice? I am new to this IPsec thing. I
will appreciate all your input.

Andrey
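The two conn blocks above have to mirror each other (the server's leftsubnet is the client's rightsubnet, and so on), and the setup tunnels the client's own public address inside a 0.0.0.0/0 tunnel, which is exactly the case where return traffic from an Internet host is addressed to the client's public IP rather than to the VPN server. The following script is an added example, not part of the original post or of Openswan: it parses both conn blocks (embedded as constructed sample text copied from the post) and reports mirror mismatches plus that return-path caveat. The check names and the wording of the findings are my own assumptions; the parser only handles the simple `key=value` conn syntax shown here, not `include` or `%default` sections.

```python
"""Mirror-consistency check for a server/client pair of Openswan conn blocks."""
import ipaddress
import re

# Constructed sample input: the two conn blocks from the post, one per side.
SERVER_CONF = """\
conn LS-NET-PSK
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        type=tunnel
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        right=%any
        rightnexthop=%defaultroute
        auto=add
"""

CLIENT_CONF = """\
conn LS-NET-PSK-CLIENT
        authby=secret
        pfs=no
        rekey=yes
        keyingtries=3
        type=tunnel
        left=%defaultroute
        right=92.33.127.197
        rightsubnet=0.0.0.0/0
        auto=add
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn NAME' block in text."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = {}
            conns[m.group(1)] = current
            continue
        if current is None or "=" not in line:
            continue  # ignore stray text outside any conn block
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return conns


def check_pair(server, client, server_ip):
    """Compare a server-side conn with the client conn that should mirror it.

    Returns a list of findings; an empty list means the pair is consistent and
    carries no return-path caveat. A missing leftsubnet/rightsubnet means the
    tunnel carries only that host's own address.
    """
    findings = []

    # Subnet values must parse as CIDR when present.
    for side, conf in (("server", server), ("client", client)):
        for key in ("leftsubnet", "rightsubnet"):
            if key in conf:
                try:
                    ipaddress.ip_network(conf[key], strict=False)
                except ValueError:
                    findings.append(f"{side} {key}={conf[key]!r} is not a valid CIDR")

    # Mirror rule: server.leftsubnet == client.rightsubnet and vice versa.
    if server.get("leftsubnet") != client.get("rightsubnet"):
        findings.append(f"server leftsubnet={server.get('leftsubnet')} "
                        f"but client rightsubnet={client.get('rightsubnet')}")
    if server.get("rightsubnet") != client.get("leftsubnet"):
        findings.append(f"server rightsubnet={server.get('rightsubnet')} "
                        f"but client leftsubnet={client.get('leftsubnet')}")

    # The client must point at the server's address; the server must accept it.
    if client.get("right") != server_ip:
        findings.append(f"client right={client.get('right')} is not the server {server_ip}")
    if server.get("right") not in ("%any", client.get("left")):
        findings.append(f"server right={server.get('right')} would not accept this client")

    # Authentication and tunnel type must agree on both sides.
    for key in ("authby", "type"):
        if server.get(key) != client.get(key):
            findings.append(f"{key} differs: server={server.get(key)} client={client.get(key)}")

    # Return-path caveat: a 0.0.0.0/0 tunnel that carries the client's own
    # public address means Internet hosts reply to that address directly, not
    # via the VPN server, unless the server source-NATs traffic leaving the tunnel.
    if client.get("rightsubnet") == "0.0.0.0/0" and "leftsubnet" not in client:
        findings.append("client tunnels its own public address inside 0.0.0.0/0; "
                        "replies bypass the VPN server unless it source-NATs tunnel traffic")
    return findings


def run_check():
    """Parse the constructed sample and return its findings."""
    server = parse_conns(SERVER_CONF)["LS-NET-PSK"]
    client = parse_conns(CLIENT_CONF)["LS-NET-PSK-CLIENT"]
    return check_pair(server, client, "92.33.127.197")


if __name__ == "__main__":
    for f in run_check():
        print("finding:", f)
```

Run against the two blocks from the post, the mirror checks all pass and the only finding is the return-path caveat, which matches the tcpdump observation in the post (ESP leaves the client toward the VPN server, but the target answers the client's public address directly).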
