On Wed, 2 May 2018 22:54:43 +0300 Tuomo Soini <[email protected]> wrote:
> On Wed, 2 May 2018 20:08:59 +0200
> Erik Andersson <[email protected]> wrote:
>
> > Hi all,
> >
> > I'm running libreswan 3.23 (using netkey/xfrm) on fedora 26.
> >
> > Trying to connect clients via xauth and modecfg where the address
> > pool for clients is a subset of the network "behind the ipsec
> > gateway".
> >
> > Using the following configuration:
> >
> > conn remote
> >     auto=start
> >     authby=secret
> >     right=10.48.28.81
> >     left=%any
> >     rightsubnet=192.168.110.0/24

Sorry, I didn't give you more instructions last night because I was a
bit confused about your config. I always use left == local, right ==
remote logic and noticed your config was either a client config or had
the logic the other way around, and I was already leaving the computer
when I quickly answered.

There are two ways to force routing.

    rightupdown="ipsec _updown.netkey --route yes"

Or.

    rightsourceip=192.168.110.254

(or .1 or whatever your IP is in the 192.168.110.0/24 network).

I'm trying to find out a way to do routing automatically in this case.
Adding routes is easy but removing is not in this case.

> You need to enable routing for that to work. Proxy arp requires host
> route to client.
>
> While xfrm doesn't need routing, ip stack does.

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
