[strongSwan] Question on Networking in StrongSwan

Wed Apr 2 17:22:07 CEST 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Ben,

You should probably take a look at this: http://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling

Regards,
Noel Kuntze

Am 02.04.2014 17:07, schrieb Hay, Ben (TS Consulting):
>
> 
>
> Hi Everyone
>
> 
>
> I am trying to configure StrongSwan to allow access from mobile devices to internal resources on my network. I have a working VPN server in the sense I can connect and obtain a virtual IP from the server. I have set the internal DNS server in the /etc/ipsec.conf file (shown below).
>
> 
>
> Conn windows8
>
>           Left = 10.1.0.2
>
>           Leftcert=ss.cert
>
>           Leftid=”<keeping secret>”
>
>           Leftsubnet=172.17.61.20/24
>
>           Leftfirewall=no
>
>           Right=%any
>
>           Rightdns=172.17.61.10
>
>           Rightsourceip=10.5.100.0/24
>
>           Rightsendercert=never
>
>           Righted=”<keeping secret>”
>
>           Keyexchange=ikev2
>
>           Auto=add
>
> 
>
> However I am unable to access any of the resources. Having done some network snooping with Wireshark, I can see that the DNS requests are arriving at the DNS server however they replies never get sent back to the client device. Do I need to set up some routing to allow this to happen?
>
> 
>
> Any help would be much appreciated. Thanks in advance.
>
> 
>
> Ben
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTPCsfAAoJEDg5KY9j7GZYPFMP/R6FFJDc70tTIeV7d/or6mHj
KvRiF0VqHHsVaKhG+GEJY8/xcYhg62IK9VsOQfWL24TRplqQZxJhlgoH/R2FNJaR
wMB7ctU2+GmyszMAz8PuHwKt4hxqlGrkRwrE/3/nrO3o+pOanSLgmleB/hwgtFEr
lI9Rw79P4dHcUpoE4xfPoLgXgKRCqeU+IpBtWx0AdT3k4qMsy68NrPBliO4sLB4a
7On+T+5lPlYGgbTPlbDr3Er3hv1XsRvKhzgyssvWMFedn57nIQ1MgHhEZf1Db8UK
JM7MxZCT9iw19qC9vUiS/9D8uw7nPUXKHWDNAZQ0Vzh+IyhtcJ1PAOmTw5qak4n8
4cBxpaoqPSPBn/blVsCHGv7LI2drYKvxsdk3yEN5+FomCP1rB7vt8olk6jM3c56c
9h6VsEVBKEhCAQW2eR7izl1cJY479fp66ZFdhwa8tF4tBiFWFxVLW0u5zF1au+Wk
vQq5kpNlmDpOZxm/+0cTTtZL8guyTyDdcJWxNBRlDv86Wgw++QKWsieQ7zUzlaXI
+9GozGtV4YVIdQSCwj2FfLlwWOclcrm/IgQ+POPnz/df+9GyEH7BqE3T6hlz6YCO
b5i2+vdqBbGHAmfJSELvbhBJOLsydFGOx133JLpyDwt910XwjCS/ulw4LB4pfl+q
KcLMvuIZ83SQJzQTqCEy
=Iyal
-----END PGP SIGNATURE-----