[strongSwan] Strongswan Forecast and Broadcast from Lan to Vpn clilent, not relayed !

CpServiceSPb . cpservicespb at gmail.com
Sun Sep 4 10:27:24 CEST 2016


I added rightsubnet=%dynamic,255.255.255.255.

Looked at log and saw that packet from Lan client to 255.255.255.255 was
intercepted and sent to 255.255.255.255/32, not to Vpn client in other
words, not to Vpn net.




2016-09-02 23:02 GMT+03:00 CpServiceSPb . <cpservicespb at gmail.com>:

> I have Strongswan 5.5 installed at Ubuntu 14.04 LTS x64, built from
> sources.
> Also forecast plug-in is enabled, set up and working.
> There are some Lan clients and Ikev2 Vpn clients connected from time to
> time.
>
>
> So, there are its settings:
>
> some from ipsec.conf
> mark=%unique at ikev2 connection
> broadcast address 255.255.255.255 is added to leftsubnet, and there is no
> rightsubnet at all
>
> some from strongswan.conf
> forecast {
>             interface=lan
>             reinject=ikev2_cert_,ikev1_xauth_cert
>         }
>
>
> Packets from Vpn clients with 255.255.255.255 as destination are relayed
> to lan interface, but from lan interface are not to ikev2 tunnel.
>
> How is to solve it ?
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160904/15a2b9b7/attachment.html>


More information about the Users mailing list