On Wed, 21 Dec 2022, Brendan Kearney wrote:
Subject: [Swan] Tunnel is up, but getting udp port xxxx unreachable
connecting client is seen replying with ICMP udp port unreachable messages:
VPN Server config:
conn rac
    leftsubnet=0.0.0.0/0
    right=%any
    rightaddresspool=192.168.152.50-192.168.152.99
[...]
VPN Client config:
conn rac
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftmodecfgclient=yes
    # Remote Definitions
    right=host.domain.tld
    rightid=192.168.152.254
    rightsubnet=0.0.0.0/0

You are handing out IPs in the same /24 as the LAN itself? That might cause problems if machines in the LAN are a true /24. You would need proxyarp and what not and it complicates things. I'd recommend splitting off the addresspool into a real separate network.

Paul
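
An added example, not part of the original message or of libreswan: a small Python check for the overlap raised in the reply above, reading the addresspool range from a conn section and comparing it with the server's on-link networks. It assumes the server's LAN is 192.168.152.0/24, which the thread implies but does not state; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the server-side conn quoted in the message above.
SERVER_CONF = """\
conn rac
    leftsubnet=0.0.0.0/0
    right=%any
    rightaddresspool=192.168.152.50-192.168.152.99
"""

# Matches the first-last range form used on the page.
POOL_RE = re.compile(
    r"^\s*(?:left|right)addresspool\s*=\s*([0-9A-Fa-f.:]+)-([0-9A-Fa-f.:]+)",
    re.M,
)


def pool_networks(conf_text):
    """Return each addresspool range as a list of CIDR blocks covering it."""
    pools = []
    for first, last in POOL_RE.findall(conf_text):
        start = ipaddress.ip_address(first)
        end = ipaddress.ip_address(last)
        pools.append(list(ipaddress.summarize_address_range(start, end)))
    return pools


def overlapping_lans(conf_text, lan_cidrs):
    """Return the LAN networks that share addresses with any addresspool."""
    lans = [ipaddress.ip_network(c, strict=False) for c in lan_cidrs]
    hits = []
    for pool in pool_networks(conf_text):
        for lan in lans:
            if lan not in hits and any(b.overlaps(lan) for b in pool):
                hits.append(lan)
    return hits


if __name__ == "__main__":
    # Assumption: the server's LAN is 192.168.152.0/24.
    for lan in overlapping_lans(SERVER_CONF, ["192.168.152.0/24"]):
        # LAN hosts treat pool addresses as on-link and ARP for them
        # instead of sending the traffic to the VPN gateway.
        print(f"addresspool overlaps on-link network {lan}")
```

An empty result means the pool sits in its own network and LAN hosts reach clients through normal routing; a non-empty one is the situation where proxyarp would be needed.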
