Establishing the IPsec VPN is easy and works as expected. But if one pings from one VPN router to the LAN interface of the other, expecting to trigger/use the IPsec tunnel, the packets are sent unencrypted to the WAN interface. Looking at the IPsec policy, I found that adding "src-address=<LAN-ip>" sends the ping through the tunnel.
Due to that fact, it seems not possible to build an EoIP tunnel over the IPsec connection, as the EoIP goes unencrypted to the internet like the ping before. I found no option to change the source IP for the EoIP either.
LAN --- (R) --- IPsec --- (R) --- LAN
         )-------EoIP------(
I checked mangle rules, but didn't find a useful option for this problem either. Policy routing is not usable either, as there is no route to the other side of the VPN.
In general, locally created packets need a source-address change to go through the IPsec tunnel. I'd guess this concerns SNMP, syslog and other services too.
BTW, if I change the IPsec policy to "src-address=0.0.0.0/0" the IPsec connection does not work anymore.
For some reasons I would like to stay with IPsec; probably using PPTP would not cause this problem, though. And yes, I have to use EoIP also, because I need a transparent Ethernet connection for some applications.
Therefore I am stuck... any hints or a solution?
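
A small model of the policy selector matching behind the behaviour described in the post above, as an added example that is not part of the original post and not RouterOS code. All addresses are constructed, the names `Policy`, `disposition` and `classify_all` are hypothetical, and it assumes router-originated traffic takes the outgoing (WAN) interface address as its source by default.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    """IPsec policy traffic selector: only src/dst are modelled here."""
    src: str
    dst: str

    def matches(self, src: str, dst: str) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

# Constructed addressing (not from the post): router A's view of the setup.
A_WAN, A_LAN = "198.51.100.1", "192.168.1.1"
B_LAN = "192.168.2.1"
POLICIES = [Policy("192.168.1.0/24", "192.168.2.0/24")]

# Constructed packets leaving router A: (description, source, destination).
PACKETS = [
    ("LAN host -> remote LAN host", "192.168.1.10", "192.168.2.10"),
    # Assumption: router-originated traffic takes the address of the
    # outgoing (WAN) interface as its source unless told otherwise.
    ("router ping, default source", A_WAN, B_LAN),
    ("router ping, src-address=LAN ip", A_LAN, B_LAN),
    ("EoIP (GRE) from router, default source", A_WAN, B_LAN),
]

def disposition(src, dst, policies=POLICIES):
    """Return 'encrypt' if any policy selector matches, else 'cleartext'."""
    matched = any(p.matches(src, dst) for p in policies)
    return "encrypt" if matched else "cleartext"

def classify_all():
    """Map each constructed packet description to its disposition."""
    return {desc: disposition(src, dst) for desc, src, dst in PACKETS}

if __name__ == "__main__":
    for desc, result in classify_all().items():
        print(f"{result:9}  {desc}")
```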