[strongSwan] Strongswan. Address definition/Routing.

Aleksey Kravchenko gmkrab at gmail.com
Fri Sep 29 12:08:32 CEST 2017


Hello again! I need your help.

The problem is that the traffic through VPN is sent only when accessing one
specific IP. I pointed this IP to leftsubnet = IP / 32 and everything works
well for linux, macos, android, ios. But Windows in this case does not see
the Internet and only the address specified in leftsubnet is available to
it.

And is it still possible to specify specific ports? For example, you can
only take http and https through VPN. The protoport option did not help.
Thank you in advance!

2017-09-25 16:10 GMT+03:00 Aleksey Kravchenko <gmkrab at gmail.com>:

> Good.
> Thank you, Noel.
>
> 2017-09-25 16:08 GMT+03:00 Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting>:
>
>> Hi,
>>
>> No. As I previously wrote, this is a system intrinsic problem.
>>
>> Kind regards
>>
>> Noel
>>
>> On 25.09.2017 15:03, Aleksey Kravchenko wrote:
>> > Hello. I managed to solve the problem with routes on windows and macos.
>> > For this purpose, a second white IP was used.
>> > p.s. Are there any ways or tricks to solve this problem with the same
>> > IP address?
>> >
>> > 2017-09-14 11:03 GMT+03:00 Aleksey Kravchenko <gmkrab at gmail.com>:
>> >
>> >     Hello, Noel. Thanks for the answer. Unfortunately, there is no way
>> >     to bypass. As a solution we can use the second white IP for Strongswan, and
>> >     the web server on the 1st IP.
>> >
>> >     2017-09-13 22:17 GMT+03:00 Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting>:
>> >
>> >         Hi,
>> >
>> >         That is because Windows and MacOS implement crappy route based
>> >         IPsec which conceptually can not protect traffic to the IKE peer's
>> >         address (unless policy based routing is used, which neither
>> >         Windows nor MacOS implement).
>> >
>> >         Kind regards
>> >
>> >         Noel
>> >
>> >         On 13.09.2017 17:14, Aleksey Kravchenko wrote:
>> >         > Hello. I need your advice.
>> >         > The work of Strongswan + IKEv2 is configured. Everything
>> >         > works fine (on iOS, macOS, windows, linux), but I noticed strange behavior
>> >         > in VPN's work. There is a server on which Strongswan and Nginx are
>> >         > installed. When you connect to the VPN and go to the site which is located
>> >         > in the same place as the strongswan daemon, the nginx log shows different
>> >         > addresses for connections. For instance:
>> >         > android / linux -> login from the address issued by the VPN (for example, 192.168.1.2).
>> >         > windows / macos -> login from the usual address (provider
>> >         > address).
>> >         > But if you go to the IP detection server, the result for all
>> >         > devices is the same: you logged in from the VPN server. Maybe you have any
>> >         > thoughts about this? Thank you!
>> >
>> >
>> >
>>
>>
>
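
A simplified model of the behaviour discussed in this thread, added here as an illustration and not part of any message in it or of strongSwan's code: it compares which source address a route-based client and a policy-based client use toward the VPN server's own IP. The server, provider and detection-site addresses are constructed documentation-range values, and the host route to the peer on the route-based client is an assumption of the model.

```python
import ipaddress

# Constructed sample addresses; only 192.168.1.2 is the thread's own example.
SERVER = "203.0.113.10"       # runs both the IKE daemon and the web server
PROVIDER_IP = "198.51.100.7"  # client's address on its physical interface
VIRTUAL_IP = "192.168.1.2"    # address issued to the client by the VPN

def route_based_source(dst, dport, proto="tcp"):
    """Route-based client: the egress interface depends on the destination
    address only; port and protocol play no part in the decision."""
    routes = [
        ("0.0.0.0/0", "tunnel"),       # default route into the VPN
        (SERVER + "/32", "physical"),  # assumed host route so IKE/ESP reach the peer
    ]
    dst_ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if dst_ip in ipaddress.ip_network(net)]
    _, dev = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
    return VIRTUAL_IP if dev == "tunnel" else PROVIDER_IP

def policy_based_source(dst, dport, proto="tcp"):
    """Policy-based client: a per-packet policy lookup can tell IKE apart
    from other traffic going to the same address."""
    # Simplification: IKE and NAT-T (UDP 500/4500) to the peer bypass IPsec;
    # everything else matches the 0.0.0.0/0 selector and is tunnelled.
    if dst == SERVER and proto == "udp" and dport in (500, 4500):
        return PROVIDER_IP
    return VIRTUAL_IP

def source_addresses(client_model):
    """Source address the client uses for each kind of connection."""
    return {
        "web server on the VPN host": client_model(SERVER, 443),
        # Tunnelled in both models, so the remote site sees the VPN server.
        "external IP detection site": client_model("192.0.2.80", 443),
        "IKE to the VPN host": client_model(SERVER, 500, "udp"),
    }

if __name__ == "__main__":
    for name, model in (("route-based", route_based_source),
                        ("policy-based", policy_based_source)):
        print(name, source_addresses(model))
```
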