christian at solvare.se
Mon Dec 9 12:50:25 CET 2013
I believe that should be automatic?
Also, is not that for ikev2?
As we have no problems connecting to hosts on the lan from clients
connected from the outside, I believe that arp should be working?
(Many question marks as everything of course is AFAIK...)
Noel Kuntze skrev 2013-12-09 12:32:
> Hello Christian,
> You need to use the "farp" plugin, if you use the IP from your LAN
> subnet. Otherwise the router on the LAN won't be able to resolve
> the IPs to MAC addresses. The "farp" plugin solves this issue by
> spoofing arp responses.
> Regards Noel Kuntze
> Am 09.12.2013 12:28, schrieb Christian Huldt:
>> I have on (old) openswan gateway with ipsec-psk and l2tp and one
>> strongswan 5.1.1 with ikev1 with certificates for users to
>> connect to.
>> I must however be doing something wrong as users connected to
>> strongswan cannot connect to internet, while users connected to
>> openswan has no problems at all.
>> Apart from the ipsec implementation most things are equal,
>> including to firewall rules - in fact, strongswan replace
>> openswan that worked just like the remaining openswan gateway.
>> tcpdump shows packets going out but not coming in, IPs are
>> provided by dhcp for strongswan, while openswan has a separate
>> What is the best way to debug this?
>> _______________________________________________ Users mailing
>> list Users at lists.strongswan.org
More information about the Users