I have a fairly typical client/server IPSec/XAuth VPN configured. It works great normally, but now I have some clients who want to use peer-to-peer apps with each other (iMessage). It's not working, and I tracked it down to the fact that my VPN clients can see the internal network when they connect, but they cannot reach each other.
So for example, if one client connects on 10.10.128.1 and another connects to the same VPN server on 10.10.128.2, then they cannot ping each other. I dumped packets and I see the encrypted ICMP echo request come into the server, and then I see the server send out an ARP request for the other IP on its primary interface. So this looks like a routing problem, but I'm not strong enough with my routing kung-fu to know how (or if) I can fix this. Any suggestions?

My ipsec.conf on the server is as follows:

conn ios
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    left=%defaultroute
    # server side traffic selector: full tunnel for the clients
    leftsubnet=0.0.0.0/0
    leftcert=pw-hq.com.crt.x509.pem,pw-hq.com.crt-intermediate2.x509.pem,pw-hq.com.crt-intermediate1.x509.pem
    right=%any
    rightauth=pubkey
    rightauth2=xauth-pam
    rightsubnet=10.10.0.0/16
    # virtual IP pool handed out to the road warriors
    rightsourceip=10.10.128.0/17
    rightca="C=US, ST=California, L=San Diego, O=My Company, OU=CA, CN= my-company.com/emailAddress=net...@my-company.com"
    auto=start

Thanks,
Mark
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
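The ARP request in the trace is the server's kernel telling you that, after decrypting client A's packet, it found no outbound XFRM policy for the destination virtual IP and therefore treated 10.10.128.2 as an ordinary on-link host. Note that the pool 10.10.128.0/17 sits inside 10.10.0.0/16, so if the server's LAN interface is on that /16 the kernel will ARP for a virtual IP on the LAN rather than route it anywhere. The script below is an added example for this thread, not code from the post or from strongSwan: it parses the text format that `ip xfrm policy show` prints and replays the kernel's outbound policy lookup (lowest priority value wins among matching `dir out` entries) for a packet forwarded from one client to another. All input is constructed: the two road-warrior policies, the documentation addresses 198.51.100.1 (server), 203.0.113.10 and 203.0.113.20 (client peers), and the assumption that the LAN interface `eth0` carries 10.10.0.0/16 are mine, not the poster's. On a real server you would feed it the output of `ip xfrm policy show` instead of the sample text.

```python
"""Replay the Linux XFRM outbound policy lookup for a packet the VPN server
forwards between two road-warrior clients, to tell "would be ESP-encapsulated"
apart from "would be ARPed for on the LAN".

Added example for the strongSwan users-list thread; not strongSwan code.
Constructed assumptions: policy text, peer addresses, and eth0 on 10.10.0.0/16.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Policy:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    direction: str          # "out", "in" or "fwd"
    priority: int           # lower value = consulted first
    tmpl_dst: Optional[str] # outer (peer) address of the tunnel template


def parse_xfrm_policies(text: str) -> List[Policy]:
    """Parse the multi-line format emitted by `ip xfrm policy show`."""
    policies: List[Policy] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^src (\S+) dst (\S+)\s*$", line)
        if m:  # header line opens a new policy; "tmpl src ..." does not match
            policies.append(Policy(ipaddress.ip_network(m[1]),
                                   ipaddress.ip_network(m[2]), "", 0, None))
            continue
        m = re.match(r"^dir (\w+) priority (\d+)", line)
        if m and policies:
            policies[-1].direction, policies[-1].priority = m[1], int(m[2])
            continue
        m = re.match(r"^tmpl src \S+ dst (\S+)", line)
        if m and policies:
            policies[-1].tmpl_dst = m[1]
    return policies


def outbound_lookup(policies: List[Policy], src_ip: str, dst_ip: str) -> Optional[Policy]:
    """Kernel semantics: among matching `dir out` policies, lowest priority wins."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    matches = [p for p in policies
               if p.direction == "out" and src in p.src and dst in p.dst]
    return min(matches, key=lambda p: p.priority) if matches else None


# Assumption (not stated in the post): the server's LAN interface is on the /16
# that contains the virtual IP pool, so an unmatched VIP is "on-link".
CONNECTED: Dict[str, ipaddress.IPv4Network] = {"eth0": ipaddress.ip_network("10.10.0.0/16")}


def predict_forward(policies: List[Policy], src_ip: str, dst_ip: str,
                    connected: Dict[str, ipaddress.IPv4Network] = CONNECTED) -> str:
    """Verdict for a decrypted packet src_ip -> dst_ip leaving the server."""
    pol = outbound_lookup(policies, src_ip, dst_ip)
    if pol is not None and pol.tmpl_dst:
        return f"esp to {pol.tmpl_dst}"          # encapsulated to the other client's peer
    dst = ipaddress.ip_address(dst_ip)
    for dev, net in connected.items():
        if dst in net:
            return f"arp on {dev}"               # the symptom seen in the trace
    return "plaintext via default route"


def _client_policies(vip: str, peer: str, reqid: int) -> str:
    """Build the three policies strongSwan installs per road warrior (constructed)."""
    server = "198.51.100.1"
    return (
        f"src 0.0.0.0/0 dst {vip}/32 \n\tdir out priority 375423 ptype main \n"
        f"\ttmpl src {server} dst {peer}\n\t\tproto esp reqid {reqid} mode tunnel\n"
        f"src {vip}/32 dst 0.0.0.0/0 \n\tdir fwd priority 375423 ptype main \n"
        f"\ttmpl src {peer} dst {server}\n\t\tproto esp reqid {reqid} mode tunnel\n"
        f"src {vip}/32 dst 0.0.0.0/0 \n\tdir in priority 375423 ptype main \n"
        f"\ttmpl src {peer} dst {server}\n\t\tproto esp reqid {reqid} mode tunnel\n"
    )


# Constructed sample `ip xfrm policy show` output for two connected clients.
POLICIES_CLIENT_A_ONLY = _client_policies("10.10.128.1", "203.0.113.10", 1)
POLICIES_BOTH_CLIENTS = POLICIES_CLIENT_A_ONLY + _client_policies("10.10.128.2", "203.0.113.20", 2)

if __name__ == "__main__":
    both = parse_xfrm_policies(POLICIES_BOTH_CLIENTS)
    only_a = parse_xfrm_policies(POLICIES_CLIENT_A_ONLY)
    print("both clients up :", predict_forward(both, "10.10.128.1", "10.10.128.2"))
    print("B's policy gone :", predict_forward(only_a, "10.10.128.1", "10.10.128.2"))
    print("A to internet   :", predict_forward(both, "10.10.128.1", "192.0.2.9"))
```

Two things worth checking on the real box before changing the config: `ip xfrm policy show` should list a `dir out` entry whose `dst` covers the other client's virtual IP at the moment the ping is sent, and `ip route get 10.10.128.2` should resolve (strongSwan keeps its own routes in table 220), because XFRM is only consulted after a successful route lookup on the inner destination.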