[strongSwan] stuck at quick mode following xauth+modecfg

Justin Pryzby pryzby at telsasoft.com
Mon Mar 28 20:38:46 CEST 2016


On Mon, Mar 28, 2016 at 11:19:00AM -0500, Justin Pryzby wrote:
> I'm converting ~10 "remote access" VPNs (modecfg client) to strongswan
> (5.3.5-1ubuntu2).  This one *has* worked with strongswan, but now gets stuck in
> phase 2.

Inspired by Cisco's document [0], I tried setting rightsubnet=0.0.0.0/0, which
seems to fix the phase 2 issue; but evidently they don't push a narrower
route, and this caused a default route to be added, which breaks the world.

I'll ask the remote side if they can change their config for our user, but is
it possible to have a "remote facing" rightsubnet used in the phase 2
proposal, and a split/refined/narrowed rightsubnet for use in adding routes?

This could also be solved if it were possible to set a charon option for a
single connection: routing_table or routing_table_prio.  Our firewall can have
static routes to the individual remote IPs/32.

Justin

[0] http://www.cisco.com/c/en/us/support/docs/network-management/remote-access/117257-config-ios-vpn-strongswan-00.html
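The two settings discussed in this message side by side, as an added illustration that is not from the original post or the strongSwan project: the rightsubnet=0.0.0.0/0 workaround that gets past quick mode, and the global charon route options that are the only place route installation can be controlled. The conn name, gateway and host addresses are placeholders, and the `src` hint on the manual route is an assumption about how the virtual IP gets selected as source.

```conf
# /etc/ipsec.conf (illustrative conn; names and addresses are placeholders)
conn remote-access-example
    keyexchange=ikev1
    aggressive=yes
    leftauth=psk
    leftauth2=xauth            # XAUTH after the PSK exchange
    rightauth=psk
    left=%defaultroute
    leftsourceip=%config       # pull a virtual IP via ModeConfig
    right=GATEWAY_PLACEHOLDER
    # 0.0.0.0/0 matches what the remote proposes in quick mode, but charon
    # then installs a route for the whole of 0.0.0.0/0 (table 220 by default),
    # i.e. a default route through the tunnel.
    rightsubnet=0.0.0.0/0
    auto=add

# /etc/strongswan.conf: these knobs are global to charon, not per conn
charon {
    routing_table = 220
    routing_table_prio = 220
    # Stop charon from installing tunnel routes at all; the narrower
    # /32 routes to the individual remote hosts are then added by hand.
    install_routes = no
}
```

With install_routes = no, each remote /32 needs a manual route that sources traffic from the virtual IP so it matches the installed IPsec policy (assumed form: `ip route add HOST_PLACEHOLDER/32 dev eth0 src VIRTUAL_IP_PLACEHOLDER`), and because the setting is global it changes route handling for every connection on the host, not just this one.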

