On 15/11/15 01:50, Tom Robinson wrote:
> On 14/11/15 22:58, Tuomo Soini wrote:
>> On Sat, 14 Nov 2015 21:56:54 +1100
>> Tom Robinson <[email protected]> wrote:
>>
>>> My apologies, I should have said earlier. We're running
>>> libreswan-3.9-1 on CentOS 5.
>>
>> That is all too old a version. It doesn't have any support for this
>> config. Upgrade to 3.13, which is the last version which will work on
>> centos-5.
>>
>> I'd advise you to upgrade to centos-7 where libreswan is standard.
>>
> Thanks Tuomo,
>
> I have to support this older system for a few months more. I'm already
> configuring a centos-7 replacement. I'll give 3.13 a try on centos-5
> when I get a chance to compile it.
>

I have compiled 3.13 and that is now working. Thanks for all the comments and help.

I still have an issue though, as I'm unable to find a good reference for firewalling/routing. Can anyone point me in the right direction please?

The problem now is that after the connection is established, the VPN client gets assigned an address from the addresspool= connection setting but it fails to contact the internal subnet.

Does the addresspool subnet range have to be a different subnet from the internal subnet? How is routing handled?

I have:

    rightaddresspool=192.168.0.241-192.168.0.252

but my internal network is also 192.168.0.0/24

The above combination worked with IPSec/L2TP, where xl2tpd assigned a pppd interface with an address from the 192.168.0.241-192.168.0.252 pool (xl2tpd.conf has 'ip range = 192.168.0.241-192.168.0.252'). That worked fine as the ppp? interface would come up and be found in arp requests.

With IKEv2, I'm seeing arp requests for an address that has no interface. Is it firewalling, routing or the libreswan connection that needs adjusting here?

Kind regards,
Tom

-- 
Tom Robinson
IT Manager/System Administrator
MoTeC Pty Ltd
121 Merrindale Drive
Croydon South 3136
Victoria Australia
T: +61 3 9761 5050
F: +61 3 9761 5051
E: [email protected]

_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
