
List:       libreswan
Subject:    Re: [Swan] Help with IKEv1 roadwarrior to subnet?
From:       Manfred <mx2927 () gmail ! com>
Date:       2020-11-14 18:14:58
Message-ID: f52b2e43-a457-4488-3ee3-1f8c10113b4e () gmail ! com

I should probably add the virtual-private too:
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!192.168.0.0/24


On 11/14/2020 7:07 PM, Manfred wrote:
> I'm trying to set up a remote VPN access, and for simplicity I am 
> starting with IKEv1 & PSK (the final setup will be IKEv2 & certs, but 
> I'd rather figure this out first).
> 
> I am able to establish a connection from client to server, and access 
> all services on the server itself (http, ssh, ...) but I'm stuck at the 
> point that I can't access any other host at the server site (e.g. 
> 192.168.0.35)
> 
> Thanks in advance for any help!
> 
> On the server site:
> UDP ports 500, 4500, and 50 are being NAT forwarded from the public 
> gateway to the ipsec server at 192.168.0.27, subnet is 192.168.0.0/24
> 
> server config is:
> conn server-vpn
>     ikev2=no
>     ike=aes256-sha1;dh14
>     esp=aes256-sha1
> 
>     authby=secret
>     # left=XXX.XXX.XXX.XXX # public IP of the gateway
>     # leftnexthop=%defaultroute
>     left=%defaultroute
>     leftid=XXX.XXX.XXX.XXX # public IP of the gateway
>     # leftsourceip=192.168.0.27
>     leftsubnet=192.168.0.0/24
> 
>     right=%any
>     rightsubnet=vhost:%no,%priv
> 
>     auto=add
> 
> client site is supposed to be dynamic IP, behind a gateway at 
> 192.168.1.25, subnet is 192.168.1.0/24
> client config:
> conn client-vpn
>     ikev2=no
>     ike=aes256-sha1;dh14
>     esp=aes256-sha1
> 
>     authby=secret
>     left=%defaultroute
>     # leftid=XXX.XXX.XXX.XXX
>     # leftsubnet=vhost:%no,%priv
>     # leftsubnet=192.168.1.0/24
> 
>     right=XXX.XXX.XXX.XXX # public IP of the gateway at server site
>     rightsubnet=192.168.0.0/24
> 
>     auto=add
> 
> (Maybe it's worth mentioning that the server is running libreswan 4.1 on 
> Fedora 32, the client is with 3.30 on Fedora 30)
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
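
Added example, not part of the original message and not libreswan code: a simplified model of how the virtual-private= list above would be applied by the %priv keyword in rightsubnet=vhost:%no,%priv. It assumes a proposed client subnet is accepted only when it lies inside an allowed range and does not overlap a "!" exclusion; the function names are hypothetical.

```python
import ipaddress

# virtual-private value copied from the message above.
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,"
                   "%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!192.168.0.0/24")


def parse_virtual_private(value):
    """Split a virtual-private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        family, sep, net = item.partition(":")
        if sep != ":" or family not in ("%v4", "%v6"):
            raise ValueError(f"unrecognised entry: {item!r}")
        negated = net.startswith("!")
        network = ipaddress.ip_network(net.lstrip("!"), strict=True)
        if network.version != (4 if family == "%v4" else 6):
            raise ValueError(f"address family mismatch: {item!r}")
        (excluded if negated else allowed).append(network)
    return allowed, excluded


def priv_accepts(subnet, allowed, excluded):
    """Assumed %priv test: inside an allowed range, clear of exclusions."""
    net = ipaddress.ip_network(subnet, strict=False)
    for bad in excluded:
        if bad.version == net.version and net.overlaps(bad):
            return False
    return any(ok.version == net.version and net.subnet_of(ok)
               for ok in allowed)


if __name__ == "__main__":
    allowed, excluded = parse_virtual_private(VIRTUAL_PRIVATE)
    # Constructed probes: the client's NATed address, a host on the
    # server LAN, and a public address.
    for probe in ("192.168.1.25/32", "192.168.0.35/32", "8.8.8.8/32"):
        verdict = "accepted" if priv_accepts(probe, allowed, excluded) else "rejected"
        print(f"{probe:18} {verdict}")
```

The exclusion of 192.168.0.0/24 keeps a roadwarrior from claiming an address on the server's own LAN as its virtual IP.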

