On Thu, 7 May 2015, Anthony Alba wrote:
> Using libreswan 3.12 with the native Android VPN client.
> I am using the example in
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
> When I try to narrow the leftsubnet I get
>
>   cannot respond to IPsec SA request because no connection is known for
>   0.0.0.0/0===10.11.3.41
>   the peer proposed: 0.0.0.0/0:0/0 -> 10.231.247.1/32:0/0
>
> Is there a way to handle this situation?

Unfortunately not.
The proper way is to leave that at 0.0.0.0 and actually send proper
ModeCFG route attributes to the client. Currently, we only support
those route attributes on the client side.

To support this, code would need to be changed to add a new config
option to specify the subnets for this (e.g. xauth-subnets=) and
for the server to send the ModeCFG payloads _and_ add the proper
IPsec SAs to the spd_route.

Paul
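
An added example (not part of the thread and not libreswan code): a small parser for the "the peer proposed" log line quoted above that reports when the client asked for a wider server-side selector than the configured leftsubnet, which is the situation in the question. The function names and the narrowed value 10.11.3.0/24 are assumptions (the thread does not say what leftsubnet was narrowed to), and the equality check is a simplification of pluto's connection lookup.

```python
import ipaddress
import re

# Format as quoted in the thread:
#   the peer proposed: <server net>:<proto>/<port> -> <client net>:<proto>/<port>
PROPOSED = re.compile(
    r"the peer proposed:\s*(?P<ours>\S+?):\d+/\d+\s*->\s*(?P<theirs>\S+?):\d+/\d+"
)

# Log line taken from the thread.
SAMPLE = "the peer proposed: 0.0.0.0/0:0/0 -> 10.231.247.1/32:0/0"


def parse_proposal(line):
    """Return (server_side_net, client_side_net) or None if the line does not match."""
    m = PROPOSED.search(line)
    if m is None:
        return None
    return (ipaddress.ip_network(m.group("ours")),
            ipaddress.ip_network(m.group("theirs")))


def diagnose(line, leftsubnet):
    """Compare the peer's requested server-side selector with the configured leftsubnet.

    Assumption: a connection is found only when the two are equal.
    """
    parsed = parse_proposal(line)
    if parsed is None:
        return "no-proposal"
    ours, _theirs = parsed
    configured = ipaddress.ip_network(leftsubnet)
    if ours == configured:
        return "match"
    if ours.version == configured.version and configured.subnet_of(ours):
        # Client wants more than the server offers, e.g. a full tunnel
        # (0.0.0.0/0) against a narrowed leftsubnet.
        return "peer-wider-than-leftsubnet"
    return "mismatch"


if __name__ == "__main__":
    # 10.11.3.0/24 is a constructed value standing in for the narrowed leftsubnet.
    for subnet in ("10.11.3.0/24", "0.0.0.0/0"):
        print(subnet, "->", diagnose(SAMPLE, subnet))
```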