On Sun, 24 Jun 2018, Lindsay Mathieson wrote:
Trying to get a subnet<->subnet vpn between work and my home Archer D9 router
So I assume this goes across the internet?
Work Internet: TPLink ER-5120 ADSL2+
- Static public ip on mycompany.com.au
- Internal subnet 192.168.5.0/24
- DMZ to Ubuntu server on 192.168.5.52

Home Internet:
- xDSL, Dynamic IP
Jun 24 17:28:47 vpnserver pluto[12658]: packet from x.x.x.x:500: initial Main Mode message received on 192.168.5.52:500 but no connection has been authorized with policy PSK+IKEV1_ALLOW
Because you are using your internal IPs for left/right but those are not the IPs on which you run IKE itself.
conn lindsay
    also=common
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.5.0/24

conn common
    type=tunnel
    left=192.168.1.1
You want left=%defaultroute to pick up your dynamic IP.
    leftsourceip=x.x.x.x
    right=192.168.5.52
You want right=mycompany.com.au (or if it is a static IP put that in)
    ike=3des-md5;modp1024
    phase2alg=3des-md5;modp1024
Really should modernize these. Easiest is to just leave out these two lines and it will pick much better algorithms, like AES_GCM.
lindsay.secrets
%any %any : PSK "test"
Don't forget to make it much stronger than that :P Ideally, move to raw RSA keys instead.

Paul
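
As an added example, not part of the original message and not libreswan code: a small Python check that parses the quoted conn sections, follows also=, and flags the two problems pointed out in the reply (private addresses in left/right, and the 3des/md5/modp1024 proposals). The function names and sample text are constructed for illustration, and the private-address check is a heuristic that assumes the peers reach each other across the internet, as in this thread.

```python
import ipaddress
import re

# Constructed sample: the conn sections quoted in the thread (leftsourceip omitted).
SAMPLE_CONF = """\
conn lindsay
    also=common
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.5.0/24
conn common
    type=tunnel
    left=192.168.1.1
    right=192.168.5.52
    ike=3des-md5;modp1024
    phase2alg=3des-md5;modp1024
"""
LEGACY = re.compile(r"3des|md5|modp1024", re.I)

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split(None, 1)[1], {})
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            cur[key.strip()] = val.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge the section named by also= under the conn's own options."""
    own = dict(conns[name])
    base = own.pop("also", None)
    if base in conns and base not in seen:
        return {**resolve(conns, base, seen + (name,)), **own}
    return own

def lint_conn(opts):
    findings = []
    for side in ("left", "right"):
        try:
            if ipaddress.ip_address(opts.get(side, "")).is_private:
                findings.append(f"{side}={opts[side]}: private address, not the IKE endpoint")
        except ValueError:
            pass  # hostname, %defaultroute or %any: nothing to check
    for key in ("ike", "phase2alg"):
        if LEGACY.search(opts.get(key, "")):
            findings.append(f"{key}={opts[key]}: legacy algorithms, omit the line")
    return findings
```

Running lint_conn(resolve(parse_conns(SAMPLE_CONF), "lindsay")) reports four findings; with left=%defaultroute, right=mycompany.com.au and the ike/phase2alg lines removed it reports none.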
