[strongSwan] Add routes? (Was: Anyone got strongSwan working with Aruba Networks (as a Aruba VIA client)?)

Jerry Lundström jerry.lundstrom at iis.se
Mon Apr 28 11:33:25 CEST 2014

Hi Martin,

On mån, 2014-04-28 at 11:10 +0200, Martin Willi wrote:
> Your config already has a rightsubnet=, so you can access
> these destinations through the tunnel. You probably want a leftsubnet as
> well to define the subnets for your end; if omitted, you're limited to
> your "external" IP you communicate with IKE.

The subnet was just from the examples. I have added all the
subnets that I want to access via the tunnel but it does not seem to
send any traffic via the tunnel anyway.

One thing I notice is that when I add multiple subnets to rightsubnet
only the last one is shown in statusall and the IPSec policy list.

Also, I added a subnet at the end of the list where I have a machine
that I can see what access it and even if its in the policy and things
"look" ok the traffic is still taking the internet way to that machine
and not via the tunnel.

statusall shows:
child: dynamic === <list of rightsubnet...>
<conn>{1} <left>/32 === <last subnet in rightsubnet>

Do I need to enable IP forwarding maybe?

I've tried adding leftsubnet also for the local network on the client
side but no difference.

conn <conn>
	leftid=user at domain
	right=<VPN end point>
	rightid="<VPN DN>"
	aaa_identity="<AAA DN>"
	rightsubnet=<subnets on other side I want to access,...>

Jerry Lundström - Software Engineer
.SE - The Internet Infrastructure Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 643 bytes
Desc: This is a digitally signed message part
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140428/17f1855e/attachment.pgp>

More information about the Users mailing list