[Openswan Users] Openswan peer-to-site with virtual IP on client side

Richy Müller richy at strikegun.de
Tue May 12 09:29:55 EDT 2015


Hello,
I hope someone can help me with my issue.

I am trying to run Openswan IPsec on a Raspberry Pi 2 towards an IPsec server.
The tunnel is up and running, but I need to access the rpi2 from the host site over a virtual IP.

For example:
The rpi2 has the local IP: 192.16.4.84/24 and its gateway is 192.168.4.1. The WAN IP is dynamic.

The rpi2 is starting the tunnel towards the server x.x.x.180.
It also added the virtual IP to the interface eth0.

But I can't reach anything over the connected VPN.
Without the virtual IP, so with just the physical IP, the VPN works.

It seems that the rpi doesn't know how it can reach the tunnel over the virtual IP.
Here is the ipsec.conf:

config setup
    # uniqueids=no
    virtual_private=%v4:172.17.0.0/28,%v4:172.17.201.253/32
    protostack=netkey
    nat_traversal=yes
    keep_alive=30
    plutodebug=none
    klipsdebug=none
    plutoopts="--perpeerlog"
    plutostderrlog=/tmp/pluto.log

conn tunnelipsec-Stanley
    type=tunnel
    auto=start
    ## This side ##
    left=%defaultroute
    leftsubnet=172.17.201.253/32
    leftsourceip=172.17.201.253
    leftid=172.17.201.253
    ## peer side ##
    right=x.x.x.180 # remote peer hostname or IP address
    rightsubnet=172.17.0.0/28 # network behind the head end
    rightid=x.x.x.180 # this makes setting the PSK much easier
    ## phase 1 ##
    keyexchange=ike
    ike=3des-md5;modp1024 # This is the phase 1 policy.
    ikelifetime=86400s
    aggrmode=yes
    authby=secret
    rekey=yes
    ## phase 2 ##
    phase2=esp
    phase2alg=3des-md5;modp1024
    pfs=yes

Thanks
