I have the following config on my server:

```
connections {
    mycompay-vpn {
        local_addrs = <MY_COMPANY_IP>
        version = 2
        pools = mycompay-vpn-pool
        proposals = aes256-sha256-modp2048
        local {
            auth = pubkey
            certs = mycompay-vpn-cert.pem
            id = <MY_COMPANY_IP>
        }
        remote {
            auth = eap-mschapv2
        }
        children {
            mycompay-vpn {
                local_ts = 0.0.0.0/0
                esp_proposals = aes256-sha256-modp2048
                ah_proposals = aes256-sha256-modp2048
                mode = tunnel
                start_action = start
                updown = /usr/libexec/strongswan/_updown iptables
            }
        }
    }
    mycompany-partner {
        version = 2
        mobike = no
        proposals = aes256-sha256-ecp384
        local_addrs = <MY_COMPANY_IP>
        remote_addrs = <PARTNER_IP>
        pools = mycompany-vpn-pool
        local {
            auth = psk
        }
        remote {
            auth = psk
        }
        children {
            mycompany-partner-prod {
                remote_ts = <PROXY_PROD_SUBNET>
                local_ts = <SUBNET_DIFFERENT_FROM_PARTNER>
                updown = /usr/libexec/strongswan/_updown iptables
                start_action = start
                ah_proposals = aes256-sha256-ecp384
                esp_proposals = aes256-sha256-ecp384
                dpd_action = restart
            }
        }
    }
}
pools {
    mycompany-vpn-pool {
        addrs = <SUBNETWORK_DIFFERENT_FROM_PARTNER> <
    }
}
secrets {
    ike-mycompany-partner {
        id = <PARTNER_IP>
        secret = <PSK>
    }
    ike-mycompany-partner {
        id = <MY_COMPANY_IP>
        secret = <PSK>
    }
}
```
When I connect to the VPN I get assigned an IP in my subnet and I can see it assigned to my interface connected to the internet. A default route is added to table 220 that redirects all traffic to come from that IP:

```
default via 192.168.1.254 dev wlp0s20f3 proto static src 172.23.127.1
```
And xfrm policies are added to route traffic correctly to the VPN server public address.
But when I try to telnet to IPs on the partner's network I get "No route to host".
Any idea what might cause this?
Policies on the server seem to be set correctly too, and both VPNs seem to be up and running.
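As an added example that is not part of the post, a small check of whether a flow from a roadwarrior pool address to a partner address is covered by the gateway's child traffic selectors (which is what the installed xfrm policies mirror). The subnets are assumed stand-ins for the placeholders in the config above, and the child and pool names follow the post.

```python
import ipaddress

# Constructed sample modelled on the poster's swanctl config. The angle-bracket
# placeholders in the post are replaced by assumed example subnets.
POOL = "172.23.127.0/24"              # assumed value for <SUBNETWORK_DIFFERENT_FROM_PARTNER>
CHILDREN = {
    "mycompany-partner-prod": {
        "local_ts": ["10.10.0.0/24"],     # assumed value for <SUBNET_DIFFERENT_FROM_PARTNER>
        "remote_ts": ["192.0.2.0/24"],    # assumed value for <PROXY_PROD_SUBNET>
    },
}


def networks(selectors):
    """Parse swanctl traffic selectors (CIDR strings) into ip_network objects."""
    return [ipaddress.ip_network(s, strict=False) for s in selectors]


def covering_children(children, src, dst):
    """Names of child SAs whose local_ts covers src and whose remote_ts covers dst.

    An empty result means the gateway has no IPsec policy for the flow, so the
    packet falls through to plain routing, which is one way a partner address
    ends up unreachable from a roadwarrior client."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [name for name, child in children.items()
            if any(s in n for n in networks(child["local_ts"]))
            and any(d in n for n in networks(child["remote_ts"]))]


def pool_inside_local_ts(children, child_name, pool):
    """True if every address the roadwarrior pool can hand out lies inside the
    named child's local_ts, i.e. roadwarrior traffic can be forwarded into it."""
    p = ipaddress.ip_network(pool, strict=False)
    return any(p.subnet_of(n) for n in networks(children[child_name]["local_ts"]))


def with_pool_added(children, child_name, pool):
    """Copy of `children` with the pool appended to child_name's local_ts (the
    partner gateway would also have to accept that subnet in its own remote_ts)."""
    fixed = {k: {"local_ts": list(v["local_ts"]), "remote_ts": list(v["remote_ts"])}
             for k, v in children.items()}
    fixed[child_name]["local_ts"].append(pool)
    return fixed


if __name__ == "__main__":
    rw_src, partner_dst = "172.23.127.1", "192.0.2.10"
    print("covered by:", covering_children(CHILDREN, rw_src, partner_dst))
    print("pool in partner local_ts:", pool_inside_local_ts(CHILDREN, "mycompany-partner-prod", POOL))
    fixed = with_pool_added(CHILDREN, "mycompany-partner-prod", POOL)
    print("after adding pool:", covering_children(fixed, rw_src, partner_dst))
```

Run it with the real subnets from `swanctl --list-conns` and compare against `ip xfrm policy` on the gateway; a flow with no covering child will not be handled by any policy regardless of what table 220 says.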