[strongSwan-dev] config w/ multiple ios devices on a network...

Andrew Foss afoss at actmobile.com
Thu Apr 23 16:40:08 CEST 2015


I am bringing up an IPsec server for our iOS users and suspect my "left"
parameters aren't quite right, but so far my changes have made it not
work at all and I am not fully understanding the descriptions. I am
running 5.3.0; our ifupdown scripts open iptables rules to allow access
to DNS and the servers.

What I see is the first device on a network connects and works fine. The
second device connects and neither works; the second device gets
disconnected, as if the routing/NAT handling is sending packets down the
wrong tunnel.

Here's my config. I suspect leftsubnet should be 0/0; these are just
devices connecting for themselves, not another VPN gateway connecting a
network. Any pointers?

conn ios
     keyexchange=ikev1
     #esp=null-sha1!
     authby=xauthrsasig
     xauth=server
     left=%defaultroute
     leftsubnet=0.0.0.0/0
     #leftsubnet=10.66.0.0/16
     #leftfirewall=yes
     leftupdown=/opt/actmobile/accelerator/actmobile_ipsec_updown
     leftcert=serverCert.pem
     right=%any
     rightsourceip=10.0.0.0/16
     #rightsourceip=10.100.255.0/28
     #rightcert=clientCert.pem
     #pfs=no
     auto=start
     rekey=yes
     fragmentation=yes
     lifetime=24h
     dpddelay=0
     dpdtimeout=24h
actmobile at accel:~-u

thanks,
andrew

