Unable to reach remote machines from Kubernetes pods using strongswan IPsec tunnel

[aleemgsl]

Hi All,

We have deployed a containerized strongswan using "vimagick/strongswan" image. Our requirement is as below:

1. On a baremetal server, we have multiple pods running (all are in the same network). Strongswan is one of them.
2. We would like to access one of the machines present on remote side (lets say X.X.X.X). This Machine should be accessible from all the pods.
3. The pods on local side should also be accessible from remote side.

Problem We are facing:

1. We are able to access the X.X.X.X machine from strongswan pod. But we can not ping X.X.X.X machine from any other pods.

We have added routes on local pods to send traffic to X.X.X.X via strongswan pod.

Can someone help us with right configurations?

Below is the config file:

config setup #charondebug="ike 3, knl 3, cfg 3, chd 3, dmn 3" charondebug="dmn 5, mgr 5, ike 5, chd 5, job 5, enc 4, knl 2, enc 5, net 2, asn 2, lib 5, esp 5, tls 2, tnc 2, imc 2, imv 2, pts 2, cfg 5" conn "ikev2" auto=start keyexchange=ikev2 ike=aes256-sha2_256-modp2048 esp=aes256-sha2_256 type=tunnel leftsourceip=%modeconfig leftcert=abc.pem right=<Public_IP_of_remote_side> rightid=%any rightsubnet=X.X.X.0/26 authby=rsasig dpddelay=5 dpdtimeout=20 dpdaction=restart closeaction=restart keyingtries=%forever

Diagram: