[strongSwan] split tunneling
Anton
warm at mtele.pro
Sat May 18 19:08:04 CEST 2013
Hi.
Why do you have leftsubnet the same as rightsubnet?
Try to comment out or delete the string 'rightsubnet=172.16.1.0/24'. 'rightsourceip' should be enough for a working tunnel.
On Sat, 18 May 2013 18:47:58 +0200
Daniel Novy <pepus at ackee.cz> wrote:
> Hello,
>
> I'm trying to configure a VPN for my iPhone, but I want to route only a
> specific traffic to this VPN.
> Just the 172.16.1.0/24 subnet, other connections should the iPhone
> initiate directly.
>
> I have strongswan 5.0.1, and my configuration is:
>
> root at server:~# cat /usr/local/etc/ipsec.conf
> conn client1device1
>     keyexchange=ikev1
>     authby=xauthrsasig
>     xauth=server
>     left=%defaultroute
>     leftsubnet=172.16.1.0/24
>     leftfirewall=yes
>     leftcert=serverCert.pem
>     right=%any
>     rightsubnet=172.16.1.0/24
>     rightsourceip=172.16.1.1
>     rightcert=sharedClient1device1Cert.pem
>     auto=add
>
> Routing table of my iphone after the VPN is up:
>
> iPhone:~ root# netstat -nr
> Routing tables
> Internet:
> Destination Gateway Flags Refs Use Netif Expire
> default utun0 UCS 2 0 utun0
> default 10.38.32.178 UGSc 3 0 pdp_ip
> default 192.168.0.83 UGSc 1 0 en0
> 10.38.32.178 10.38.32.178 UH 4 0 pdp_ip
> 10.38.32.178/32 pdp_ip0 UCS 1 0 pdp_ip
> 46.255.224.60 utun0 UHW 1 2 utun0
> [my_vpnserver_public_ip] 192.168.0.83 UGHS 3 2 en0
> 127 127.0.0.1 UCS 1 0 lo0
> 127.0.0.1 127.0.0.1 UH 2 0 lo0
> 169.254 link#8 UCS 1 0 en0
> 172.16.1.1 172.16.1.1 UH 1 11 utun0
> 192.168.0/16 link#8 UCS 3 0 en0
> 192.168.0.83 0:16:3e:59:6e:7e UHLW 3 28 en0 1165
> 192.168.1.98 c8:bc:c8:e7:1f:78 UHLW 3 93 en0 1185
> 192.168.1.99 127.0.0.1 UHS 1 0 lo0
>
>
> But all my traffic still goes through the VPN, as it adds utun0 as a
> default route.
>
> Can anyone suggest what is wrong? How to force it to route only the
> 172.16.1.0/24 subnet using the VPN?
>
> Thanks!
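
A small lint for the check suggested in the reply above, as an added example that is not part of the original thread or of strongSwan: it flags a conn whose leftsubnet overlaps its rightsubnet, and a conn that sets rightsubnet alongside rightsourceip. The function names, finding labels and the trimmed sample config are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: the conn from the quoted message, trimmed to the keys checked here.
SAMPLE_CONF = """\
conn client1device1
    keyexchange=ikev1
    left=%defaultroute
    leftsubnet=172.16.1.0/24
    right=%any
    rightsubnet=172.16.1.0/24
    rightsourceip=172.16.1.1
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section headers start in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def networks(value):
    """Parse a comma-separated subnet list; tokens that are not plain CIDR are skipped."""
    nets = []
    for item in (value or "").split(","):
        try:
            nets.append(ipaddress.ip_network(item.strip(), strict=False))
        except ValueError:
            pass
    return nets

def lint(text):
    """Return (conn, kind, message) findings for the two conditions raised in the reply."""
    findings = []
    for name, opts in parse_conns(text).items():
        left, right = networks(opts.get("leftsubnet")), networks(opts.get("rightsubnet"))
        for a in left:
            for b in right:
                if a.version == b.version and a.overlaps(b):
                    findings.append((name, "overlap", f"leftsubnet {a} overlaps rightsubnet {b}"))
        if right and "rightsourceip" in opts:
            findings.append((name, "subnet-with-sourceip", "rightsubnet set together with rightsourceip"))
    return findings
```

Calling lint() on the contents of an ipsec.conf returns one tuple per finding; an empty list means neither condition was found.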