[strongSwan-dev] config w/ multiple ios devices on a network...
Andrew Foss
afoss at actmobile.com
Thu Apr 23 16:40:08 CEST 2015
I am bringing up an ipsec server for our ios users and suspect my "left"
parameters aren't quite right, but so far my changes have made it not
work at all and I am not fully understanding the descriptions. I am
running 5.3.0, our ifupdown scripts open iptables rules to allow access
to dns and the servers.

What I see is the first device on a network connects and works fine. Second
device connects and neither works, second device gets disconnected, as
if the routing/nat handling is sending packets down the wrong tunnel.

Here's my config, I suspect leftsubnet should be 0/0, these are just
devices connecting for themselves, not another vpn gateway connecting a
network. Any pointers?

conn ios
    keyexchange=ikev1
    #esp=null-sha1!
    authby=xauthrsasig
    xauth=server
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    #leftsubnet=10.66.0.0/16
    #leftfirewall=yes
    leftupdown=/opt/actmobile/accelerator/actmobile_ipsec_updown
    leftcert=serverCert.pem
    right=%any
    rightsourceip=10.0.0.0/16
    #rightsourceip=10.100.255.0/28
    #rightcert=clientCert.pem
    #pfs=no
    auto=start
    rekey=yes
    fragmentation=yes
    lifetime=24h
    dpddelay=0
    dpdtimeout=24h

actmobile at accel:~-u
thanks,
andrew