strongSwan KVM Tests / route-based / net2net-vti

Test route-based/net2net-vti

Description

A connection between the subnets behind the gateways moon and sun is set up using VTI interfaces.

The gateways use route-based forwarding over VTI tunnels, with firewall rules that allow the traffic to pass. The IPsec traffic selector is 0.0.0.0/0; which traffic actually goes through the tunnel is determined by routes on the VTI interfaces. The IKE daemon is configured with charon.install_routes=0 so that it does not install routes itself, and static routes for the target subnets are installed on the VTI interfaces.

Client alice behind gateway moon pings client bob located behind gateway sun.
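
The gateway setup described above, as an added example that is not part of the strongSwan test suite: a dry-run shell helper that lists the commands to create the VTI interface and its static routes, plus the child-SA settings that pair with it. The interface name, the 192.0.2.x gateway addresses, the 10.2.0.0/16 subnet, the key/mark value 42 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; addresses, interface name and key/mark are constructed.
# Requires in strongswan.conf: charon.install_routes = 0 (as stated on the page).

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0, root).
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# vti_gateway_setup IFACE LOCAL_IP REMOTE_IP KEY REMOTE_SUBNET...
vti_gateway_setup() {
    [ "$#" -ge 5 ] || { echo "usage: vti_gateway_setup IFACE LOCAL REMOTE KEY SUBNET..." >&2; return 2; }
    ifc=$1 lip=$2 rip=$3 key=$4
    shift 4
    # The key becomes the mark that ties packets to the IPsec policies; 0 is
    # the default packet mark, so it is rejected in this example.
    case $key in
        ''|*[!0-9]*|0) echo "KEY must be a positive integer" >&2; return 2 ;;
    esac
    run ip tunnel add "$ifc" local "$lip" remote "$rip" mode vti key "$key"
    # Disable IPsec policy lookups on the VTI device itself.
    run sysctl -w "net.ipv4.conf.$ifc.disable_policy=1"
    run ip link set "$ifc" up
    # With a 0.0.0.0/0 selector only these routes decide what is tunnelled.
    for net in "$@"; do
        run ip route add "$net" dev "$ifc"
    done
}

# Child-SA settings (swanctl.conf) matching the interface: marks equal the key.
vti_child_settings() {
    printf 'local_ts = 0.0.0.0/0\nremote_ts = 0.0.0.0/0\n'
    printf 'mark_in = %s\nmark_out = %s\n' "$1" "$1"
}

# Dry-run plan for one gateway (constructed values).
vti_gateway_setup vti0 192.0.2.1 192.0.2.2 42 10.2.0.0/16
vti_child_settings 42
```

A subnet that has no route on the VTI interface follows the normal routing table and is not tunnelled, even though the 0.0.0.0/0 selector would cover it.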

Hosts: alice, moon, winnetou, sun, bob
