[strongSwan] Peer to peer apps among clients
mark at parentsware.com
Mon Apr 28 07:06:26 CEST 2014
I have a fairly typical client/server IPsec/XAuth VPN configured. It works
great normally, but now I have some clients who want to use peer-to-peer
apps with each other (iMessage). It's not working, and I tracked it down
to the fact that my VPN clients can see the internal network when they
connect, but they cannot reach each other.
So for example, if one client connects on 10.10.128.1 and another connects
to the same VPN server on 10.10.128.2, then they cannot ping each other. I
dumped packets and I see the encrypted ICMP echo request come into the
server, and then I see the server send out an ARP request for the other IP
on its primary interface.
So this looks like a routing problem, but I'm not strong enough with my
routing-kung-fu to know how (or if) I can fix this.
My ipsec.conf on the server is as follows:
rightca="C=US, ST=California, L=San Diego, O=My Company, OU=CA, CN=my-company.com/emailAddress=netops at my-company.com"
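The symptom described above (an encrypted ping from one client is decrypted, and the gateway then ARPs for the other client's virtual IP on its LAN interface) is what happens when the gateway-side traffic selector covers only the internal LAN: the forwarded packet 10.10.128.1 -> 10.10.128.2 matches no outbound IPsec policy, so the kernel treats it as plain IP. The following is an added example conn, not the poster's actual ipsec.conf (which the archive truncated) and not taken from the strongSwan documentation. It assumes strongSwan 5.x with charon, an internal LAN of 192.168.1.0/24, a virtual IP pool of 10.10.128.0/24, certificate plus XAuth road warriors, and that the original conn had leftsubnet set to the LAN only; the conn name, certificate file name and the shortened rightca DN are also assumptions.

```ini
# Added example, not the poster's configuration.
# Assumed: internal LAN 192.168.1.0/24, virtual IP pool 10.10.128.0/24,
# strongSwan 5.x (charon), IKEv1 XAuth road warriors with certificates.

conn rw-xauth
    keyexchange=ikev1
    left=%defaultroute
    leftcert=serverCert.pem
    leftauth=pubkey
    # Before (assumed): only the LAN is in the gateway-side selector.
    # A decrypted packet 10.10.128.1 -> 10.10.128.2 then matches no
    # outbound IPsec policy, so the kernel routes it as ordinary IP and
    # ARPs for 10.10.128.2 on the LAN interface.
    #leftsubnet=192.168.1.0/24
    # After: the gateway-side selector also covers the pool (0.0.0.0/0 is
    # what the iOS client requests anyway, and the gateway narrows it), so
    # the forwarded packet matches the other client's outbound policy and
    # is re-encrypted into that client's tunnel instead of being ARPed for.
    leftsubnet=0.0.0.0/0
    # Let the _updown script insert the FORWARD rules for each client.
    leftfirewall=yes
    right=%any
    rightsourceip=10.10.128.0/24
    rightauth=pubkey
    rightauth2=xauth
    rightca="C=US, ST=California, L=San Diego, O=My Company, OU=CA, CN=my-company.com"
    auto=add
```

After `ipsec reload`, `ip xfrm policy` on the gateway should show, for each connected client, a `dir out` policy with `src 0.0.0.0/0` and `dst 10.10.128.x/32`; that policy is what catches the hairpinned packet. Forwarding must be on (`sysctl -w net.ipv4.ip_forward=1`), and if leftfirewall is not used, the equivalent manual rules are `iptables -A FORWARD -m policy --dir in --pol ipsec -s 10.10.128.0/24 -j ACCEPT` together with the mirror `--dir out -d 10.10.128.0/24` rule. Note that client-to-client traffic is decrypted and re-encrypted on the gateway, so it is visible in the clear there and is subject to the gateway's FORWARD filtering.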