Creating a route into ipsec tunnel - is it possible?
-
Hello everyone.
Is there any possibility to route traffic to a single host or subnet into the tunnel in version 2.0?
Setup example:
local network 192.168.1.0/24
local external ip 1.1.1.1
isp's gateway 1.1.1.2
remote network 192.168.2.0/24
remote ipsec gateway - 2.2.2.2
tunnel is up and running.
I need to route packets for 2.2.2.2 into the tunnel (the remote side only accepts encrypted packets after IPsec is up, and I have to access it by public IP; I can't use private remote IPs).
But I can't understand how to create a routing rule for it - should I use the internal IP of the remote gateway to route it automatically, and what interface should I use? And I'm afraid that when the tunnel goes down it won't be raised again because of that route and its unavailability.
-
You can't route over IPsec in tunnel mode in the traditional sense.
To do what you're after, you might just need an additional phase 2 entry on both ends of the tunnel for 192.168.1.0/24 <-> 2.2.2.2
-
Thank you, it worked!
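
The answer above relies on the fact that tunnel-mode IPsec selects traffic by phase 2 selectors rather than by routes. The following is an added example, not part of the original posts and not pfSense code: a simplified model of that selector match using the addresses from the question. The host addresses 192.168.1.10 and 192.168.2.20, the function names, and the assumption that the firewall's own negotiation traffic is sourced from 1.1.1.1 are illustrative.

```python
import ipaddress

# Simplified model of policy-based IPsec (tunnel mode): each phase 2 entry is a
# (local selector, remote selector) pair, and an outbound packet is encrypted
# only if its source and destination both fall inside one pair.
ORIGINAL_P2 = [("192.168.1.0/24", "192.168.2.0/24")]
# The extra phase 2 entry from the answer: LAN <-> remote gateway's public IP.
WITH_EXTRA_P2 = ORIGINAL_P2 + [("192.168.1.0/24", "2.2.2.2/32")]


def match_phase2(policies, src, dst):
    """Return the first (local, remote) pair matching src -> dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in policies:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None


def path(policies, src, dst):
    """'tunnel' if a phase 2 selector matches, otherwise 'cleartext'."""
    return "tunnel" if match_phase2(policies, src, dst) else "cleartext"


# Constructed sample flows (hypothetical hosts on the networks from the question).
FLOWS = [
    ("192.168.1.10", "192.168.2.20"),  # LAN host -> remote LAN host
    ("192.168.1.10", "2.2.2.2"),       # LAN host -> remote gateway public IP
    ("1.1.1.1", "2.2.2.2"),            # firewall's own traffic to the peer (assumed source)
]

if __name__ == "__main__":
    for label, policies in (("original", ORIGINAL_P2), ("with extra P2", WITH_EXTRA_P2)):
        for src, dst in FLOWS:
            print(f"{label:14} {src:>13} -> {dst:<13} {path(policies, src, dst)}")
```

In this model the third flow stays outside the tunnel in both cases because its source is not in 192.168.1.0/24, so the added selector does not capture the gateway-to-gateway traffic that brings the tunnel up.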