On 2018-05-03 07:36, Tuomo Soini wrote:
On Wed, 2 May 2018 22:54:43 +0300
Tuomo Soini <[email protected]> wrote:

On Wed, 2 May 2018 20:08:59 +0200
Erik Andersson <[email protected]> wrote:

Hi all,

I'm running libreswan 3.23 (using netkey/xfrm) on fedora 26.

Trying to connect clients via xauth and modecfg where the address
pool for clients is a subset of the network "behind the ipsec
gateway".

Using the following configuration:

conn remote
      auto=start
      authby=secret
      right=10.48.28.81
      left=%any
      rightsubnet=192.168.110.0/24

Sorry, I didn't give you more instructions last night because I was a
bit confused about your config. I always use left == local, right ==
remote logic and noticed your config was either a client config or had
the logic the other way around, and I was already leaving the computer
when I quickly answered.

There are two ways to force routing.

rightupdown="ipsec _updown.netkey --route yes"

Or.

rightsourceip=192.168.110.254 (or .1 or whatever your IP is in the
192.168.110.0/24 network).

I'm trying to find out a way to do routing automatically in this case.
Adding routes is easy but removing is not in this case.

Thanks Tuomo for the help! Both suggestions mitigate my issue. Tried to add routes manually but apparently I was doing it wrong :)

Regards,

Erik
You need to enable routing for that to work. Proxy ARP requires a host
route to the client.

While xfrm doesn't need routing, the IP stack does.



_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
