[strongSwan] understanding openswan

Marcelo Barbudas nostef at gmail.com
Thu Nov 14 19:49:51 CET 2013


Hi Noel,

I'm trying something simple, taking one step at a time, to establish
the VPN connection and from the client's side (iOS) to still be able
to navigate freely (to hosts not through the VPN). This is the server
config I am using. As soon as the connection is established the DNS
stops working (I don't have a dns1 or left/right dns entry anywhere)
and if I try an HTTP connection to an IP, that doesn't work either.

conn ios
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        left=%defaultroute
        leftfirewall=yes
        leftcert=serverCert.pem
        leftsubnet=192.168.21.0/24
        right=%any
        rightsubnet=192.168.22.0/24
        rightsourceip=192.168.22.0/24
        auto=add

-M.

On Thu, Nov 14, 2013 at 10:31 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
> Hello Marcelo,
>
> 1) Yes, use leftsubnet and rightsubnet.
> 2) Yes, use leftdns.
> 3) Use left for your local config and right for your right config.
> There is documentation for an iOS tunnel in the wiki [1].
>
> [1] http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
>
> Regards
> Noel Kuntze
>
> On 14.11.2013 19:21, Marcelo Barbudas wrote:
>> Hi.
>>
>> I'm coming from the world of OpenVPN and having a hard time
>> understanding how to implement some features using strongswan.
>>
>> I have been googling and reading docs. I still have some questions
>> that I can't figure out.
>>
>> 1) If I create a host-to-net vpn (iOS to Debian) can I make the client
>> (iOS) NOT send all the traffic through the VPN? I'd like only the
>> communication with certain hosts to be over VPN.
>> 2) Can I push my own DNS server with custom entries for the local network?
>> 3) Left vs. Right: what's the easiest way to create a host-to-net?
>>
>> Again, I apologize for the beginner questions. I respect your time and
>> have been RTFM-ing around.
>>
>> -M.



