I believe that should be automatic? Also, is not that for ikev2? As we have no problems connecting to hosts on the lan from clients connected from the outside, I believe that arp should be working?
(Many question marks as everything of course is AFAIK...) Noel Kuntze skrev 2013-12-09 12:32: > Hello Christian, > > You need to use the "farp" plugin, if you use the IP from your LAN > subnet. Otherwise the router on the LAN won't be able to resolve > the IPs to MAC addresses. The "farp" plugin solves this issue by > spoofing arp responses. > > Regards Noel Kuntze > > Am 09.12.2013 12:28, schrieb Christian Huldt: >> I have on (old) openswan gateway with ipsec-psk and l2tp and one >> strongswan 5.1.1 with ikev1 with certificates for users to >> connect to. > >> I must however be doing something wrong as users connected to >> strongswan cannot connect to internet, while users connected to >> openswan has no problems at all. > >> Apart from the ipsec implementation most things are equal, >> including to firewall rules - in fact, strongswan replace >> openswan that worked just like the remaining openswan gateway. > >> tcpdump shows packets going out but not coming in, IPs are >> provided by dhcp for strongswan, while openswan has a separate >> subnet... > >> What is the best way to debug this? > >> _______________________________________________ Users mailing >> list [email protected] >> https://lists.strongswan.org/mailman/listinfo/users > > -- Christian Huldt +46704612207 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
