IPSec tunneled traffic

Hello everyone,

I bought an Omnia + LTE modem to have a remote router.
So far I have managed to get an IPSec (Strongswan) Site to Site VPN up and running where both sites can ping each other.

The only big issue I currently have is that all internet traffic from Omnia is not tunneled through the VPN but leaves Omnia's WAN interface.

I have spent nearly two days/nights playing around with GUI and IPTable configuration but I still was not able to solve it…

Does anyone of you have a working solution in place or could provide support with my issue?

Kind regards,
mathias

I don’t have a working solution as you asked.
But based on what you described it seems you should change static routes. Add a default route to the tunnel and/or change the metric on the current default.

Like @blbeczech82 pointed out, it is a matter of default routing.

You could also try VPN policy based routing, possibly?

Hi there,

@blbeczech82: Thanks, but I am not sure if this is going to work as Strongswan's IPSec does not create a new interface. But I will have a look at it.

@anon50890781: Thanks too! I will have a look at it and see if either static routing or VPN policy based routing solves my problem.

Then policy based routing is likely not going to do it as it requires an iface.

From a brief look at the strongSwan wiki it appears that strongSwan builds policy based tunnels (--pol ipsec), not route based ones.

Did you have a look at https://wiki.strongswan.org/projects/strongswan/wiki/OpenWrtUCI ?

This one https://wiki.openwrt.org/doc/howto/vpn.ipsec.basics mentions gateway
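
Added example, not part of any post in this thread: a policy-based tunnel has no interface, so what gets encrypted is decided by the kernel's IPsec policies (as printed by `ip xfrm policy`), and anything that matches no policy follows the normal default route. The sketch below parses that output and reports which way a packet would go; the sample output, all addresses, and the function names are constructed for illustration, and the widened `0.0.0.0/0` selector is an assumption used to show the contrast.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output for a site-to-site tunnel
# (private/documentation addresses, not taken from the thread).
SAMPLE_SITE_TO_SITE = (
    "src 192.168.1.0/24 dst 192.168.2.0/24\n"
    "\tdir out priority 375423 ptype main\n"
    "\ttmpl src 203.0.113.10 dst 198.51.100.20\n"
    "\t\tproto esp spi 0xc0ffee01 reqid 1 mode tunnel\n"
    "src 192.168.2.0/24 dst 192.168.1.0/24\n"
    "\tdir in priority 375423 ptype main\n"
    "\ttmpl src 198.51.100.20 dst 203.0.113.10\n"
    "\t\tproto esp reqid 1 mode tunnel\n"
)

# Same tunnel with the remote traffic selector widened to 0.0.0.0/0 (assumption).
SAMPLE_FULL_TUNNEL = SAMPLE_SITE_TO_SITE.replace("192.168.2.0/24", "0.0.0.0/0")

# A policy starts with an unindented selector line followed by its "dir" line.
POLICY_RE = re.compile(
    r"^src (\S+) dst (\S+)\s*\n\s+dir (\w+) priority (\d+)", re.MULTILINE)


def parse_policies(text):
    """Return a list of (src_net, dst_net, direction, priority) tuples."""
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d), direction, int(p))
            for s, d, direction, p in POLICY_RE.findall(text)]


def outbound_decision(text, src, dst):
    """Say whether a packet src -> dst matches an outbound IPsec policy.

    Among matching "dir out" policies the lowest priority value wins.
    No match means the packet is routed normally, i.e. via the default
    route and out of the WAN interface, unencrypted.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = [p for p in parse_policies(text)
               if p[2] == "out" and src_ip in p[0] and dst_ip in p[1]]
    if not matches:
        return "default route (not tunneled)"
    best = min(matches, key=lambda p: p[3])
    return f"ipsec policy {best[0]} -> {best[1]}"
```

To check a live router, pass the text printed by `ip xfrm policy` instead of the constructed samples.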