Unable to reach remote machines from Kubernetes pods using strongswan IPsec tunnel #204

Open
aleemgsl opened this issue Nov 29, 2022 · 0 comments

Hi All,

We have deployed a containerized strongswan using the "vimagick/strongswan" image. Our requirement is as below:

  1. On a bare-metal server, we have multiple pods running (all are in the same network). Strongswan is one of them.
  2. We would like to access one of the machines present on the remote side (let's say X.X.X.X). This machine should be accessible from all the pods.
  3. The pods on the local side should also be accessible from the remote side.

Problem we are facing:

  1. We are able to access the X.X.X.X machine from the strongswan pod, but we cannot ping the X.X.X.X machine from any other pods.

We have added routes on the local pods to send traffic to X.X.X.X via the strongswan pod.

Can someone help us with the right configurations?

Below is the config file:

config setup
    #charondebug="ike 3, knl 3, cfg 3, chd 3, dmn 3"
    charondebug="dmn 5, mgr 5, ike 5, chd 5, job 5, enc 4, knl 2, enc 5, net 2, asn 2, lib 5, esp 5, tls 2, tnc 2, imc 2, imv 2, pts 2, cfg 5"

conn "ikev2"
    auto=start
    keyexchange=ikev2
    ike=aes256-sha2_256-modp2048
    esp=aes256-sha2_256
    type=tunnel
    leftsourceip=%modeconfig
    leftcert=abc.pem
    right=<Public_IP_of_remote_side>
    rightid=%any
    rightsubnet=X.X.X.0/26
    authby=rsasig
    dpddelay=5
    dpdtimeout=20
    dpdaction=restart
    closeaction=restart
    keyingtries=%forever

Diagram:

image
