Just a follow-up: it's the auto line that stops the connection, not the type.


Thanks


On 14/07/2021 11:30, Lewis Robson wrote:
Hello all.

I've been stuck on this one for many, many hours now!

I am trying to set up a connection (split routing?) that will allow 1 type of traffic, and the rest will be normally routed through the user's device as per their usual connection.

e.g. if they hit x IP address with y service, it will be allowed through; otherwise, if they went to Google and did a "what's my IP", their current IP will show and not the IPsec IP.



With my current setup, IPsec is working but users get the IPsec IP. If I set transport mode, I can still connect to the VPN, however it stops me being able to SSH on until I stop the strongswan service.

Here is my config:

conn into-ext-vpn
        auto=route
        compress=no
        type=tunnel
        keyexchange=ikev2
        fragmentation=yes
        forceencaps=yes
        dpdaction=clear
        dpddelay=300s
        rekey=no
        left=%any
        leftid=servers external ip
        leftcert=server-cert.pem
        leftsendcert=always
        leftsubnet=0.0.0.0/0
        right=%any
        rightid=%any
        rightauth=eap-mschapv2
        rightsourceip=10.0.3.0/24
        rightdns=8.8.8.8,8.8.4.4
        rightsendcert=never
        eap_identity=%identity
        ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
        esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!


Please can someone advise on how to go about setting it up so that I can have users connect in when they request 1 specific service, otherwise they continue to use their current network?


Thank you


--
Lewis Robson
Systems Administrator
Conscious Solutions Limited

Tel: 0117 325 0200
Web: https://www.conscious.co.uk
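The split-tunnel setup the thread is asking about, as an added ipsec.conf example (this is not Lewis's config and not from the strongSwan project): the server's leftsubnet is narrowed from 0.0.0.0/0 to the one host and service that should go through the tunnel, using strongSwan's `<subnet>[<proto>/<port>]` traffic-selector syntax, and the connection is loaded with auto=add instead of auto=route. The host 192.0.2.10 (documentation address space), port 22, the leftid and the certificate file name are assumptions; the legacy sha1/modp1024/3des entries are dropped from the proposal lists.

```ini
# Added example, not the original poster's config.
# Assumed values: 192.0.2.10 is the only internal host clients may reach
# through the tunnel, and tcp/22 (SSH) is the only service on it that is
# tunnelled. Everything else stays on the client's normal route.
conn split-ext-vpn
        # auto=add loads the connection and waits for clients to initiate.
        # auto=route installs a trap policy on the server for all traffic
        # matching leftsubnet; with 0.0.0.0/0 that also catches the
        # server's own traffic, including its SSH replies.
        auto=add
        type=tunnel
        keyexchange=ikev2
        fragmentation=yes
        forceencaps=yes
        dpdaction=clear
        dpddelay=300s
        rekey=no
        left=%any
        # assumed: the server's external address or FQDN
        leftid=vpn.example.com
        leftcert=server-cert.pem
        leftsendcert=always
        # Only this host and port is offered as a traffic selector. A client
        # that proposes 0.0.0.0/0 has it narrowed to this selector during
        # CHILD_SA negotiation, so the IPsec policy on both ends only ever
        # matches SSH to 192.0.2.10.
        leftsubnet=192.0.2.10/32[tcp/22]
        right=%any
        rightid=%any
        rightauth=eap-mschapv2
        rightsourceip=10.0.3.0/24
        rightsendcert=never
        eap_identity=%identity
        ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384!
        esp=chacha20poly1305-sha512,aes256gcm16-ecp384!
```

After `ipsec reload` and a client connection, `ipsec statusall` should show the CHILD_SA with `192.0.2.10/32[tcp/22]` as the local traffic selector, and `ip xfrm policy` on the server should show only that selector, not 0.0.0.0/0. The narrowed selector decides what the IPsec policy will carry; whether the client also keeps its own default route (rather than sending everything to the VPN and having the rest dropped) is a client-side setting, so the "what's my IP" test has to be done from each client type you support.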
