[strongSwan] Connection works, but no access to network
Gregg Hughes
ghughes at iscinternational.com
Tue Jul 30 20:51:12 CEST 2013
Good afternoon, Tobias!
Thanks for the push; that was precisely the information I needed to get the connection to complete.
After reviewing the dhcp plugin information, I substituted %dhcp for the rightsourceip directive in ipsec.conf - and it worked! The Ubuntu repository has farp and dhcp compiled in their binary, so it was easy to fix.
Thanks!
Gregg
-----Original Message-----
From: Tobias Brunner [mailto:tobias at strongswan.org]
Sent: Tuesday, July 30, 2013 12:21 PM
To: Gregg Hughes
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Connection works, but no access to network
Hi Gregg,
First, let me point out the "Forwarding and Split-Tunneling" guide on our wiki [1].
> iface eth0 inet static
> address 192.168.1.102
> netmask 255.255.255.0
> gateway 192.168.1.1
> network 192.168.1.0
> broadcast 192.168.1.255
> dns-search XXXX.com
> dns-nameservers XXX.XXX.XXX.XXX
Do the hosts behind the VPN gateway (192.168.1.0/24) know that they have to send packets for 192.168.200.160/28 to your VPN gateway at
192.168.1.102 and not the default gateway at 192.168.1.1? If not, you will have to change the routing somehow, for instance, add a route to each host behind the VPN (manually, or e.g. via DHCP option 121), or add a static route on your default gateway that directs the traffic to your VPN gateway.
Regards,
Tobias
[1]
http://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
More information about the Users
mailing list