On Mon, 4 Jan 2021, Alex wrote:

Client and server agree on the src/dst parameters, e.g. the leftsubnet and
rightsubnet options. If the VPN client receives a remote subnet of
0.0.0.0/0 it sends all traffic over the tunnel. If it receives a smaller
subnet, only traffic with that destination will go over the tunnel. For
all traffic over the tunnel, the IP the libreswan server assigned to it
is used (e.g. it appears to the client as leftsubnet=192.168.6.x/32).

Okay, adding leftsubnet=0.0.0.0/0 does enable me to ping the
192.168.6.1 gateway, but I can't reach the 192.168.1.0/24 internal
network.

Then that is really an issue of routing/NAT/firewall on the VPN server.
Check that the VPN server works properly: does ping -I 192.168.6.1 192.168.1.x work?

Do you have the VPN server handing out a leftsubnet=192.168.1.0/24 or
leftsubnet=0.0.0.0/0 (with rightaddresspool=192.168.6.XXXXXXX)?

It doesn't work when trying leftsubnet=192.168.1.0/24 or
leftsubnet=0.0.0.0/0. It just returns "request timed out." So when I
set leftsubnet=192.168.6.0/24 I can ping the gateway, but when I set
leftsubnet=192.168.1.0/24 or leftsubnet=0.0.0.0/0 I can't reach the
gateway or the 192.168.1.0/24 network.

If you set leftsubnet=192.168.1.0/24 then it covers only that destination
and not 192.168.6.0/24, so it makes sense you cannot ping the gateway
then.

Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
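
The subnet reasoning in this thread, as an added example that is not part of the original messages or of libreswan: it checks which destinations each leftsubnet value covers and where to look when a ping fails. The LAN host 192.168.1.10 and the function names are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread; the LAN host's last octet is constructed.
GATEWAY = "192.168.6.1"
LAN_HOST = "192.168.1.10"
# The three leftsubnet values tried in the thread.
TRIED = ("192.168.6.0/24", "192.168.1.0/24", "0.0.0.0/0")


def via_tunnel(remote_subnet: str, destination: str) -> bool:
    """True if the destination lies inside the remote subnet the client
    received, so the client sends that traffic over the tunnel."""
    return ipaddress.ip_address(destination) in ipaddress.ip_network(remote_subnet)


def coverage(remote_subnet: str) -> dict:
    """Which of the two destinations from the thread the subnet covers."""
    return {dst: via_tunnel(remote_subnet, dst) for dst in (GATEWAY, LAN_HOST)}


def diagnose(remote_subnet: str, destination: str, ping_ok: bool) -> str:
    """Map an observed ping result to the place worth checking first."""
    if not via_tunnel(remote_subnet, destination):
        return "not covered by the negotiated subnet: traffic never enters the tunnel"
    if ping_ok:
        return "ok"
    return "covered by the negotiated subnet: check routing/NAT/firewall on the VPN server"


if __name__ == "__main__":
    for subnet in TRIED:
        print(f"leftsubnet={subnet}")
        for dst, covered in coverage(subnet).items():
            print(f"  {dst:<14} {'tunnel' if covered else 'outside tunnel'}")
    # Constructed observation: the LAN host times out with 0.0.0.0/0.
    print(diagnose("0.0.0.0/0", LAN_HOST, ping_ok=False))
```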
