-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Christian,
This guide[1] should clarify a couple of things and might help you get it working. [1] http://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling Regards Noel Kuntze Am 09.12.2013 12:50, schrieb Christian Huldt: > I believe that should be automatic? > Also, is not that for ikev2? > > As we have no problems connecting to hosts on the lan from clients > connected from the outside, I believe that arp should be working? > > (Many question marks as everything of course is AFAIK...) > > Noel Kuntze skrev 2013-12-09 12:32: >> Hello Christian, >> >> You need to use the "farp" plugin, if you use the IP from your LAN >> subnet. Otherwise the router on the LAN won't be able to resolve >> the IPs to MAC addresses. The "farp" plugin solves this issue by >> spoofing arp responses. >> >> Regards Noel Kuntze >> >> Am 09.12.2013 12:28, schrieb Christian Huldt: >>> I have on (old) openswan gateway with ipsec-psk and l2tp and one >>> strongswan 5.1.1 with ikev1 with certificates for users to >>> connect to. >> >>> I must however be doing something wrong as users connected to >>> strongswan cannot connect to internet, while users connected to >>> openswan has no problems at all. >> >>> Apart from the ipsec implementation most things are equal, >>> including to firewall rules - in fact, strongswan replace >>> openswan that worked just like the remaining openswan gateway. >> >>> tcpdump shows packets going out but not coming in, IPs are >>> provided by dhcp for strongswan, while openswan has a separate >>> subnet... >> >>> What is the best way to debug this? >> >>> _______________________________________________ Users mailing >>> list [email protected] >>> https://lists.strongswan.org/mailman/listinfo/users >> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSpcVdAAoJEDg5KY9j7GZYFrIP/26Xv0Yh1tG7JkcI4QjeONyU qxfgbw/lxHPXdjjxlMTaLVwuXAV4c7OtF31KH6VVgDGzwXeoFBW8PM6iPwjs7TTe KEO1q0w8Lvp6iFtMt4bhq0etZ9jhhVw40yP5RecgzWF5pON/bFKxLnm0vF1FmdPT Lcosm6uVAZHGdrqh0wUIyW4x5UpVGLmvDBleqE3oR8nT2XuvE6fhU9DXM0thICTM r5qyZgiakpwF5Ro17qVELA4ivqgn5IizdEusm8cpeKnOXSO561+DJddmVi8fAbm/ 44+lL/6n6oGwWl0OEAYhq0bKMnLWDuU5gdo2DDU7FutROnY5R1Ey0ZB/JF4YS6s4 YNVxJGSNAJx28M5F2r7O8DdZH9XcwQ/VxwqG3tS+fS1iVoiFjs64HchlJxWZrFWB GFTt/HH8RrX0GUK3+MYMwxWvobZ8qb+fMhhQKnF5k4HHlQtCcN7fxrIZT09EISkQ lLUaigE52belsUmtjezMOJ8Z56ejFOTNwuFRJoV2YcTL9CtFxJ2mIPjYDv8feqJ8 DTZSYOnOwBS0RVJ0bubM3lQjJhf2nNPXpNwTspLarg00Hi6LrcX3M4EqE9hdabKg A1QUDD6H/oPQJdu4FzopqCHOOiPXTSOb+PmKcQ4mG/uYCav67hVsRgthRlsxlXnB ki/BbX+ydSi6WfT7eGUv =Etc2 -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
