strongX509 / docker

A collection of docker image build files

question about your docker image #5

Open DerUntote opened 2 years ago

DerUntote commented 2 years ago

Hello,

Do you also route the two subnets in between? I cannot see any iptables change or other added routings.

It's about strongswan: [strongswan](https://github.com/strongX509/docker/blob/master/strongswan): A strongSwan 5.x IKEv2 Daemon with a VICI interface

strongX509 commented 2 years ago

The strongswan docker images do not activate iptables, so that no default drop rules are installed.

When the tunnel is up between the subnets

```
10.3.0.1/32 === 10.1.0.0/24
```

no routing rules have to be added manually. strongSwan automatically installs the following source routes on the vpn-client:

```
ip route list table 220
10.1.0.0/24 via 192.168.0.2 dev eth0 proto static src 10.3.0.1
```

and on the vpn-server:

```
ip route list table 220
10.3.0.1 via 192.168.0.3 dev eth0 proto static src 10.1.0.2
```
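An added example, not part of the original thread or the strongSwan project: a Python check that parses the `ip route list table 220` output quoted above and confirms that the remote selector is routed with a source address inside the local selector. The function and constant names are hypothetical, and the selectors are taken from the `10.3.0.1/32 === 10.1.0.0/24` line.

```python
import ipaddress

# Route lines copied from the comment above.
CLIENT_TABLE_220 = "10.1.0.0/24 via 192.168.0.2 dev eth0 proto static src 10.3.0.1\n"
SERVER_TABLE_220 = "10.3.0.1 via 192.168.0.3 dev eth0 proto static src 10.1.0.2\n"
# Constructed counter-example: src is the host's physical address, not the tunnel one.
BAD_SRC_TABLE = "10.1.0.0/24 via 192.168.0.2 dev eth0 proto static src 192.168.0.3\n"

KEYS = ("via", "dev", "proto", "src")


def parse_routes(text):
    """Parse `ip route list` output into dicts with a parsed destination network."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a plain unicast route line (e.g. the echoed command)
        attrs = {k: tok[i + 1] for i, k in enumerate(tok[:-1]) if k in KEYS}
        routes.append({"dest": net, **attrs})
    return routes


def check_tunnel_route(table_text, local_ts, remote_ts):
    """Return a list of problems; an empty list means remote_ts is routed
    with a source address that lies inside local_ts."""
    local = ipaddress.ip_network(local_ts)
    remote = ipaddress.ip_network(remote_ts)
    covering = [r for r in parse_routes(table_text)
                if r["dest"].version == remote.version and remote.subnet_of(r["dest"])]
    if not covering:
        return [f"no route in the table covers {remote}"]
    best = max(covering, key=lambda r: r["dest"].prefixlen)  # longest prefix wins
    src = best.get("src")
    if src is None:
        return [f"route to {best['dest']} has no src attribute"]
    if ipaddress.ip_address(src) not in local:
        return [f"src {src} for {best['dest']} is outside local selector {local}"]
    return []


if __name__ == "__main__":
    print(check_tunnel_route(CLIENT_TABLE_220, "10.3.0.1/32", "10.1.0.0/24"))
    print(check_tunnel_route(SERVER_TABLE_220, "10.1.0.0/24", "10.3.0.1/32"))
```
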