Hi, I have a VPN server on a MikroTik router. I'm trying to connect to it from a strongswan client on Ubuntu 10.04.1 LTS.
This is how I installed strongswan:

    apt install strongswan network-manager-strongswan strongswan-nm libstrongswan-extra-plugins strongswan-swanctl

Then I used the network manager applet (GUI) to add a new VPN connection. The server uses IKEv2 with server and client side certificates for authentication.

My problem is that when I connect to the server, only the first route is added. For example, if I have this on the server:

    /ip ipsec mode-config
    add address-pool=vpn.my.server.hu address-prefix-length=32 name="modeconf vpn.my.server.hu" split-include=192.168.13.0/24,172.111.0.0/16,10.0.88.0/24 static-dns=10.0.88.1 system-dns=no

Then I can see this in ip xfrm policy after the VPN server is connected:

    src 10.0.88.100/32 dst 192.168.13.0/24
        dir out priority 371327
        tmpl src 192.168.14.2 dst 1.2.3.5
            proto esp spi 0x0c51282e reqid 4 mode tunnel
    src 192.168.13.0/24 dst 10.0.88.100/32
        dir fwd priority 371327
        tmpl src 1.2.3.5 dst 192.168.14.2
            proto esp reqid 4 mode tunnel
    src 192.168.13.0/24 dst 10.0.88.100/32
        dir in priority 371327
        tmpl src 1.2.3.5 dst 192.168.14.2
            proto esp reqid 4 mode tunnel

As you can see, 172.11.0.0/16 was not added. 10.0.88.0/24 was also not added.

If I change the order of the networks on the server, then the first one takes precedence. For example this config:

    /ip ipsec mode-config
    add address-pool=vpn.my.server.hu address-prefix-length=32 name="modeconf vpn.my.server.hu" split-include=172.111.0.0/16,192.168.13.0/24,10.0.88.0/24 static-dns=10.0.88.1 system-dns=no

will add route for 172.111.0.0/16 on the client. But it won't add 192.168.13.0/24 nor 10.0.88.0/24.

The problem is not with the VPN server, because I can connect to it from Windows 10, and all routes pushed by the server are correctly added to the routing table.

There must be an option somewhere for this, but I just can't find it.

Thanks,

Laszlo