[strongSwan] routing/firewall
Christian Huldt
christian at solvare.se
Mon Dec 9 12:50:25 CET 2013
I believe that should be automatic?
Also, isn't that for IKEv2?
As we have no problems connecting to hosts on the lan from clients
connected from the outside, I believe that arp should be working?
(Many question marks as everything of course is AFAIK...)
Noel Kuntze wrote 2013-12-09 12:32:
> Hello Christian,
>
> You need to use the "farp" plugin, if you use the IP from your LAN
> subnet. Otherwise the router on the LAN won't be able to resolve
> the IPs to MAC addresses. The "farp" plugin solves this issue by
> spoofing arp responses.
>
> Regards Noel Kuntze
>
> On 09.12.2013 12:28, Christian Huldt wrote:
>> I have one (old) openswan gateway with ipsec-psk and l2tp and one
>> strongswan 5.1.1 with ikev1 with certificates for users to
>> connect to.
>
>> I must however be doing something wrong as users connected to
>> strongswan cannot connect to the internet, while users connected to
>> openswan have no problems at all.
>
>> Apart from the ipsec implementation most things are equal,
>> including the firewall rules - in fact, strongswan replaced
>> openswan that worked just like the remaining openswan gateway.
>
>> tcpdump shows packets going out but not coming in, IPs are
>> provided by dhcp for strongswan, while openswan has a separate
>> subnet...
>
>> What is the best way to debug this?
>
>
>
--
Christian Huldt
+46704612207