On Mon, Mar 28, 2016 at 11:19:00AM -0500, Justin Pryzby wrote:
> I'm converting ~10 "remote access" VPNs (modecfg client) to strongswan
> (5.3.5-1ubuntu2). This one *has* worked with strongswan, but now gets stuck in
> phase 2.

Inspired by Cisco's document [0], I tried setting rightsubnet=0.0.0.0/0, which seems to fix the phase 2 issue; but, evidently they don't push a narrower route, and this caused a default route to be added and breaks the world.

I'll ask the remote side if they can change their config for our user, but is it possible to have a "remote facing" rightsubnet to be used in the layer 2 proposal, and a split/refined/narrowed rightsubnet for use in adding routes?

This could also be solved if it were possible to set a charon option for a single connection: routing_table or routing_table_prio. Our firewall can have static routes to the individual remote IPs/32.

Justin

[0] http://www.cisco.com/c/en/us/support/docs/network-management/remote-access/117257-config-ios-vpn-strongswan-00.html
