I should probably add the virtual-private too:
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!192.168.0.0/24

On 11/14/2020 7:07 PM, Manfred wrote:
I'm trying to set up remote VPN access, and for simplicity I am starting with IKEv1 & PSK (the final setup will be IKEv2 & certs, but I'd rather figure this out first).

I am able to establish a connection from client to server, and access all services on the server itself (http, ssh, ...), but I'm stuck at the point that I can't access any other host at the server site (e.g. 192.168.0.35).

Thanks in advance for any help!

On the server site:
UDP ports 500, 4500, and 50 are being NAT forwarded from the public gateway to the ipsec server at 192.168.0.27; the subnet is 192.168.0.0/24.

server config is:
conn server-vpn
     ikev2=no
     ike=aes256-sha1;dh14
     esp=aes256-sha1

     authby=secret
     # left=XXX.XXX.XXX.XXX # public IP of the gateway
     # leftnexthop=%defaultroute
     left=%defaultroute
     leftid=XXX.XXX.XXX.XXX # public IP of the gateway
     # leftsourceip=192.168.0.27
     leftsubnet=192.168.0.0/24

     right=%any
     rightsubnet=vhost:%no,%priv

     auto=add

The client site is supposed to have a dynamic IP, behind a gateway at 192.168.1.25; the subnet is 192.168.1.0/24.
client config:
conn client-vpn
     ikev2=no
     ike=aes256-sha1;dh14
     esp=aes256-sha1

     authby=secret
     left=%defaultroute
     # leftid=XXX.XXX.XXX.XXX
     # leftsubnet=vhost:%no,%priv
     # leftsubnet=192.168.1.0/24

     right=XXX.XXX.XXX.XXX # public IP of the gateway at server site
     rightsubnet=192.168.0.0/24

     auto=add

(Maybe it's worth mentioning that the server is running libreswan 4.1 on Fedora 32, the client is with 3.30 on Fedora 30)
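As an added illustration (not part of the thread, and not libreswan's own code), the script below parses the virtual-private value given above and checks whether a candidate client address or network would be acceptable for a rightsubnet=vhost:%no,%priv peer. The acceptance rule it applies (inside an allowed entry, not overlapping a `!` excluded entry, not overlapping the server's leftsubnet) is my reading of how virtual-private is meant to work; the client addresses tested are constructed.

```python
import ipaddress

# virtual-private value copied from the message above
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,"
                   "%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!192.168.0.0/24")
# leftsubnet from the server config above
SERVER_LEFTSUBNET = ipaddress.ip_network("192.168.0.0/24")


def parse_virtual_private(value):
    """Split a virtual-private string into (allowed, excluded) network lists.
    Entries look like %v4:NET or %v4:!NET; %v6: entries are parsed the same way."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        family, _, net = entry.partition(":")
        if family not in ("%v4", "%v6"):
            raise ValueError(f"unexpected virtual-private entry {entry!r}")
        if net.startswith("!"):
            excluded.append(ipaddress.ip_network(net[1:]))
        else:
            allowed.append(ipaddress.ip_network(net))
    return allowed, excluded


def client_net_permitted(client_net, value=VIRTUAL_PRIVATE, leftsubnet=SERVER_LEFTSUBNET):
    """Return (ok, reason) for a client-side address or network.
    Assumed rule: it must lie inside some allowed entry, must not overlap an
    excluded entry, and must not overlap the server's own leftsubnet."""
    net = ipaddress.ip_network(client_net, strict=False)  # bare address -> /32
    allowed, excluded = parse_virtual_private(value)
    if not any(net.subnet_of(a) for a in allowed if a.version == net.version):
        return False, "not inside any virtual-private network"
    for ex in excluded:
        if ex.version == net.version and net.overlaps(ex):
            return False, f"overlaps excluded network {ex}"
    if net.overlaps(leftsubnet):
        return False, f"overlaps server leftsubnet {leftsubnet}"
    return True, "accepted"


if __name__ == "__main__":
    # constructed test cases: a host on the client LAN, a host on the server LAN,
    # a public address, and a whole private network
    for candidate in ("192.168.1.37", "192.168.0.50", "8.8.8.8", "10.5.0.0/16"):
        ok, reason = client_net_permitted(candidate)
        print(f"{candidate:>16}: {'OK ' if ok else 'NO '} ({reason})")
```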
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan