My VPN server running CentOS 8 doubles as a KVM hypervisor. I've also
configured a virtual network (using the libvirt "virbr0" virtual bridge
interface) to be used for guest to host communication between the
server and the VMs. If you're not familiar with this specific
configuration of libvirt networking, see here:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_host_configuration_and_guest_installation_guide/app_macvtap
In terms of the libreswan configuration, here is what I'm currently
using (XAUTH/IKEv1 w/PSK):
conn xauth-psk
    authby=secret
    pfs=no
    auto=add
    rekey=no
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    rightaddresspool=192.168.1.30-192.168.1.50
    right=%any
    cisco-unity=yes
    modecfgdns=192.168.1.1
    modecfgdomains="foo.bar.local, bar.local"
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=pam
    ike-frag=yes
    ikev2=never
Everything works great. I can successfully hit all endpoints utilizing
the 192.168.1.0/24 subnet, but not anything on the 192.168.122.0/24
subnet that is used by the virtual network. How would I go about
setting this up?
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
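One thing worth checking on a host like this is the FORWARD chain. When libvirt manages virbr0 it installs its own forwarding rules, and the last of them rejects anything headed out of virbr0 that is not a reply to VM-initiated traffic, so a decrypted VPN client packet bound for 192.168.122.0/24 can be dropped by the firewall even though the IPsec side is fine. Whether that is the cause here is an assumption, not something the post confirms. The script below is an added example, not code from the original post or from libreswan or libvirt: it parses constructed `iptables -S FORWARD` style rules resembling libvirt's defaults, walks them for a few test packets, and shows the effect of a hypothetical ACCEPT rule scoped to the post's address pool (192.168.1.30-192.168.1.50). The interface name "eth0", the VM address 192.168.122.10 and the client address 192.168.1.35 are constructed.

```python
"""Simulate how a Linux FORWARD chain treats VPN-client -> virbr0 traffic.

Added example for this thread, not part of the original post or of
libreswan/libvirt. The rule text is CONSTRUCTED to resemble what
`iptables -S FORWARD` prints on a host where libvirt manages virbr0.
Assumptions: decrypted XAUTH client packets enter FORWARD on "eth0",
the VM lives at 192.168.122.10, the client got 192.168.1.35 from the pool.
"""
import ipaddress
import shlex

# Constructed sample: libvirt-style FORWARD rules for its default NAT network.
LIBVIRT_FORWARD_RULES = """
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
""".strip().splitlines()

# Hypothetical fix, scoped to the libreswan pool from the post and inserted
# (-I) ahead of libvirt's REJECT so only VPN clients gain access to virbr0.
POOL_ACCEPT_RULE = ("-I FORWARD -m iprange --src-range 192.168.1.30-192.168.1.50 "
                    "-o virbr0 -j ACCEPT")

# Constructed test packets: VPN client -> VM, the VM's reply, and a LAN host.
VPN_TO_VM = {"src": "192.168.1.35", "dst": "192.168.122.10",
             "in": "eth0", "out": "virbr0", "ctstate": "NEW"}
VM_REPLY = {"src": "192.168.122.10", "dst": "192.168.1.35",
            "in": "virbr0", "out": "eth0", "ctstate": "ESTABLISHED"}
LAN_TO_VM = {"src": "192.168.1.5", "dst": "192.168.122.10",
             "in": "eth0", "out": "virbr0", "ctstate": "NEW"}


def parse_rule(line):
    """Turn one `iptables -S` style line into a dict of match criteria."""
    toks = shlex.split(line)
    rule = {"action": toks[0], "chain": toks[1]}
    i = 2
    while i < len(toks):
        tok = toks[i]
        if tok in ("-s", "-d"):
            rule["src" if tok == "-s" else "dst"] = ipaddress.ip_network(toks[i + 1])
        elif tok in ("-i", "-o"):
            rule["in" if tok == "-i" else "out"] = toks[i + 1]
        elif tok == "-m":
            pass  # match-extension name (conntrack, iprange); options follow
        elif tok == "--ctstate":
            rule["ctstate"] = set(toks[i + 1].split(","))
        elif tok == "--src-range":
            lo, hi = toks[i + 1].split("-")
            rule["src_range"] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif tok == "-j":
            rule["target"] = toks[i + 1]
        elif tok == "--reject-with":
            pass  # ICMP type only affects the rejection message, not the verdict
        else:
            raise ValueError(f"unsupported token {tok!r} in {line!r}")
        i += 2  # every supported token takes exactly one argument
    return rule


def matches(rule, pkt):
    """True if every criterion present in the rule matches the packet."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    if "src" in rule and src not in rule["src"]:
        return False
    if "dst" in rule and dst not in rule["dst"]:
        return False
    if "src_range" in rule and not rule["src_range"][0] <= src <= rule["src_range"][1]:
        return False
    if "in" in rule and rule["in"] != pkt["in"]:
        return False
    if "out" in rule and rule["out"] != pkt["out"]:
        return False
    if "ctstate" in rule and pkt["ctstate"] not in rule["ctstate"]:
        return False
    return True


def load_chain(lines):
    """Build the chain in order; -A appends, -I (no index) prepends."""
    chain = []
    for line in lines:
        rule = parse_rule(line)
        if rule["action"] == "-I":
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain


def verdict(chain, pkt, policy="ACCEPT"):
    """First-match semantics: return the target of the first matching rule."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy


if __name__ == "__main__":
    before = load_chain(LIBVIRT_FORWARD_RULES)
    after = load_chain(LIBVIRT_FORWARD_RULES + [POOL_ACCEPT_RULE])
    for name, pkt in (("vpn->vm", VPN_TO_VM), ("vm reply", VM_REPLY), ("lan->vm", LAN_TO_VM)):
        print(f"{name:9s} before={verdict(before, pkt):6s} after={verdict(after, pkt)}")
```

The walk shows why the symptom in the post is one-sided: the VM's replies already pass libvirt's second rule, so only the client-to-VM direction needs an explicit ACCEPT, and scoping it with the pool range keeps other LAN hosts from gaining the same path. On a real host, compare against `iptables -S FORWARD` (or the equivalent nft listing), confirm `net.ipv4.ip_forward` is on, and prefer an `-m policy --dir in --pol ipsec` selector over a bare interface match if you want the rule to apply only to traffic that actually arrived through the tunnel.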