Distribute traffic across multiple strongswan IKEv2 connectionsiptables NAT/Forwarding with external ADSL router; PCs on the network can't access the internetStrongswan (IKEv2) connection established, but no traffic routingRemote end of IPSec transport is 'permenantly glued' to loopback after some messing around with GREConnect AWS and Azure via OpenVPNRoute traffic through private IP for only certain hosts - CentOS 6.6How to configure dual homed server in order for both network segments to communicate?StrongSwan ikev2 routing through VPN in Windows 10Strongswan IKEv2 for iOS devicesOCSP verification fails in Strongswan (IKEv2)Strongswan IKEv2 REAUTH request

Pay as you go Or Oyster card

Is it a problem that pull requests are approved without any comments

Did thousands of women die every year due to illegal abortions before Roe v. Wade?

What is the traditional way of earning a doctorate in Germany?

What is the advantage of carrying a tripod and ND-filters when you could use image stacking instead?

Why is c4 bad when playing the London against a King's Indian?

Avoiding cliches when writing gods

Bent spoke design wheels — feasible?

How do I write "Show, Don't Tell" as an Asperger?

How do photons get into the eyes?

What risks are there when you clear your cookies instead of logging off?

How to make thick Asian sauces?

Credit card offering 0.5 miles for every cent rounded up. Too good to be true?

What happens to foam insulation board after you pour concrete slab?

Smooth switching between 12v batteries, with toggle switch

What happens if you do emergency landing on a US base in middle of the ocean?

What makes linear regression with polynomial features curvy?

Why does the Schrödinger equation work so well for the Hydrogen atom despite the relativistic boundary at the nucleus?

Function to extract float from different price patterns

Incremental Ranges!

Is it possible to trip with natural weapon?

Movie where a boy is transported into the future by an alien spaceship

How to supress loops in a digraph?

How were concentration and extermination camp guards recruited?



Distribute traffic across multiple strongswan IKEv2 connections


iptables NAT/Forwarding with external ADSL router; PCs on the network can't access the internetStrongswan (IKEv2) connection established, but no traffic routingRemote end of IPSec transport is 'permenantly glued' to loopback after some messing around with GREConnect AWS and Azure via OpenVPNRoute traffic through private IP for only certain hosts - CentOS 6.6How to configure dual homed server in order for both network segments to communicate?StrongSwan ikev2 routing through VPN in Windows 10Strongswan IKEv2 for iOS devicesOCSP verification fails in Strongswan (IKEv2)Strongswan IKEv2 REAUTH request






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








-1















I would like a setup where a strongSwan client connects to multiple endpoints with rightsubnet=0.0.0.0/0.



Then, that machine is used as the default gateway for a few machines.



When I tear up multiple IPsec connections I have a virtual IP on the outbound interface for each connection.



The last one being set as the default in table 220 as in:



default via 192.168.123.1 dev wlp58s0 proto static src 10.6.6.171 table 220



What I would now ideally be able to do, would be:



ip route change default scope global nexthop via 192.168.111.1 dev wlp58s0 src 10.6.6.1 weight 1 nexthop via 192.168.111.1 dev wlp58s0 src 10.6.6.171 weight 1 table 220



However that does not work, the src is not accepted.



How could I achieve that?






iptables ipsec strongswan ikev2 nftables







share|improve this question






























    -1















    I would like a setup where a strongSwan client connects to multiple endpoints with rightsubnet=0.0.0.0/0.



    Then, that machine is used as the default gateway for a few machines.



    When I tear up multiple IPsec connections I have a virtual IP on the outbound interface for each connection.



    The last one being set as the default in table 220 as in:



    default via 192.168.123.1 dev wlp58s0 proto static src 10.6.6.171 table 220



    What I would now ideally be able to do, would be:



    ip route change default scope global nexthop via 192.168.111.1 dev wlp58s0 src 10.6.6.1 weight 1 nexthop via 192.168.111.1 dev wlp58s0 src 10.6.6.171 weight 1 table 220



    However that does not work, the src is not accepted.



    How could I achieve that?






    iptables ipsec strongswan ikev2 nftables







    share|improve this question


























      -1












      -1








      -1


      2






      I would like a setup where a strongSwan client connects to multiple endpoints with rightsubnet=0.0.0.0/0.



      Then, that machine is used as the default gateway for a few machines.



      When I tear up multiple IPsec connections I have a virtual IP on the outbound interface for each connection.



      The last one being set as the default in table 220 as in:



      default via 192.168.123.1 dev wlp58s0 proto static src 10.6.6.171 table 220



      What I would now ideally be able to do, would be:



      ip route change default scope global nexthop via 192.168.111.1 dev wlp58s0 src 10.6.6.1 weight 1 nexthop via 192.168.111.1 dev wlp58s0 src 10.6.6.171 weight 1 table 220



      However that does not work, the src is not accepted.



      How could I achieve that?






      iptables ipsec strongswan ikev2 nftables







      share|improve this question
















      I would like a setup where a strongSwan client connects to multiple endpoints with rightsubnet=0.0.0.0/0.



      Then, that machine is used as the default gateway for a few machines.



      When I tear up multiple IPsec connections I have a virtual IP on the outbound interface for each connection.



      The last one being set as the default in table 220 as in:



      default via 192.168.123.1 dev wlp58s0 proto static src 10.6.6.171 table 220



      What I would now ideally be able to do, would be:



      ip route change default scope global nexthop via 192.168.111.1 dev wlp58s0 src 10.6.6.1 weight 1 nexthop via 192.168.111.1 dev wlp58s0 src 10.6.6.171 weight 1 table 220



      However that does not work, the src is not accepted.



      How could I achieve that?






      iptables ipsec strongswan ikev2 nftables




      iptables ipsec strongswan ikev2 nftables






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited May 21 at 10:57









      Pau Garcia

      357




      357










      asked May 19 at 20:58









      yawniekyawniek

      1331110




      1331110




















          0






          active

          oldest

          votes












          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "2"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f968004%2fdistribute-traffic-across-multiple-strongswan-ikev2-connections%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Server Fault!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f968004%2fdistribute-traffic-across-multiple-strongswan-ikev2-connections%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com

          Image
          Barça LassaBAXI ManresaCafés Candelas BreogánDelteco GBCDivina Seguros JoventutHerbalife Gran CanariaIberostar TenerifeKirolbet BaskoniaMonbus ObradoiroMontakit FuenlabradaMoraBanc AndorraMovistar EstudiantesReal MadridSan Pablo BurgosTecnyconta ZaragozaUCAM MurciaUnicajaValencia Basket Club Baloncesto Breogán baloncestoLugoGalicia1966JuanJosé Ramón Varela Portasmáxima categoría1970competicións europeasLiga ACBPavillón MunicipalPazo dos DeportesJesús Lázareliga EBAClub Estudiantes1965Lugobaloncestosegunda divisiónJosé RamónJuan Varela-Portas y Pardo1966Celestino Fernández de la Vega196869primeira divisiónZaragozaprimeira divisiónReal MadridJoventutEstudiantes19701971máxima categoría estatal11 de outubro1970Palacio dos DeportesLugoTenerifeMadridReal MadridAlfredo PérezBreogán19711972TenerifeMadridvascocatalánAlfredo PérezespañolMadridLugoManresa La Casera19741975As...
          Read more

          Vilaño, A Laracha Índice Patrimonio | Lugares e parroquias | Véxase tamén | Menú de navegación43°14′52″N 8°36′03″O / 43.24775, -8.60070

          Image
          Parroquias da LarachaParroquias de Galicia baixo a advocación de Santiago o Maior coruñésLarachacomarca de BergantiñosIGE20131999castro de Montesclarospoboado castrexoidade de ferroromanización de Galiciamiliariopazo de Montesclarosséculo XIXAmboadeA AreosaA BarreiraBos AiresA BoticaAs Brañas da ViñaAs BrañasBusteloOs CanedosFerreirosAs FervenzasA Fonte da CanleO FormigueiroFornelosA FragaFragundeGravidoA LamelaMarfuloOs MeánsMontes ClarosA PanelaO PazoQuintánsRibelaSamiroO SeixoA TelleiraVilañoVilanovaA ViñaVista AlegreCabovilaño (San Román)Caión (Santa María do Socorro)Coiro (San Xián)Erboedo (Santa María)Golmar (San Bieito)Lemaio (Santa Mariña)Lendo (San Xián)Lestón (San Martiño)Montemaior (Santa María Madanela)Soandres (San Pedro)Soutullo (Santa María)Torás (Santa María)Vilaño (Santiago) Vilaño, A Laracha Na Galipedia, a Wi...
          Read more

          Cegueira Índice Epidemioloxía | Deficiencia visual | Tipos de cegueira | Principais causas de cegueira | Tratamento | Técnicas de adaptación e axudas | Vida dos cegos | Primeiros auxilios | Crenzas respecto das persoas cegas | Crenzas das persoas cegas | O neno deficiente visual | Aspectos psicolóxicos da cegueira | Notas | Véxase tamén | Menú de navegación54.054.154.436928256blindnessDicionario da Real Academia GalegaPortal das Palabras"International Standards: Visual Standards — Aspects and Ranges of Vision Loss with Emphasis on Population Surveys.""Visual impairment and blindness""Presentan un plan para previr a cegueira"o orixinalACCDV Associació Catalana de Cecs i Disminuïts Visuals - PMFTrachoma"Effect of gene therapy on visual function in Leber's congenital amaurosis"1844137110.1056/NEJMoa0802268Cans guía - os mellores amigos dos cegosArquivadoEscola de cans guía para cegos en Mortágua, PortugalArquivado"Tecnología para ciegos y deficientes visuales. Recopilación de recursos gratuitos en la Red""Colorino""‘COL.diesis’, escuchar los sonidos del color""COL.diesis: Transforming Colour into Melody and Implementing the Result in a Colour Sensor Device"o orixinal"Sistema de desarrollo de sinestesia color-sonido para invidentes utilizando un protocolo de audio""Enseñanza táctil - geometría y color. Juegos didácticos para niños ciegos y videntes""Sistema Constanz"L'ocupació laboral dels cecs a l'Estat espanyol està pràcticament equiparada a la de les persones amb visió, entrevista amb Pedro ZuritaONCE (Organización Nacional de Cegos de España)Prevención da cegueiraDescrición de deficiencias visuais (Disc@pnet)Braillín, un boneco atractivo para calquera neno, con ou sen discapacidade, que permite familiarizarse co sistema de escritura e lectura brailleAxudas Técnicas36838ID00897494007150-90057129528256DOID:1432HP:0000618D001766C10.597.751.941.162C97109C0155020

          Image
          OftalmoloxíaDiscapacidade sentidovistaNorteaméricaEuropaollopaíses en vías de desenvolvementopaíses desenvolvidos2014Organización Mundial da SaúdeGaliciaretinopatía diabéticaglaucomaresto visualagudeza visualcampo visualterapia xénicaretinavirus do arrefriado comúncanadestradoséculo XIXLouis Brailleteclado brailleescáneresrecoñecemento óptico de caractereslectores de pantallacorsinestesiafrauta doceamareloclarineteazultamboresvermellopianoverdeSistema Constanzsemáforocans guíaBrailletactosoftwaretactoeuroAvuiséculo XXUnión SoviéticaFranciaItaliaInglaterraNataciónatletismociclismojudoesquífútbol salamontañismoxadrezgoalballsociedademúsicosindixentesprofetassabiosoídotactomúsicarisatactooídolinguaxePiaget (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u0...
          Read more