[strongSwan] access to multiple subnets
Yudi V
yudi.tux at gmail.com
Sun Jan 15 15:51:00 CET 2017
Hi all,

I have a strongSwan VPN on an OpenWrt gateway acting as the server. The OpenWrt
router has two VLANs (say 192.168.1.0/24, 192.168.2.0/24). I used
rightsourceip=%dhcp and let the remote peer get an IP from 192.168.1.0/24.
This works fine and I can access resources (mostly network shares) in
192.168.1.0/24, but I would also like to access resources in 192.168.2.0/24.
I cannot seem to figure out how to do this.

Normally, when I am connected to the OpenWrt gateway directly, I can access
the resources in both VLANs (the firewall has appropriate rules).
I did not add any specific firewall rules relating to the strongSwan setup
except for ESP, AH, and ports 500 and 4500 on the WAN side. I am not sure what
settings need to be changed to get access to the other subnets.

I would appreciate any suggestions.

I have added the relevant settings below.

/etc/ipsec.conf has:

conn rw
    left=%any
    leftsubnet=0.0.0.0/0,::0
    leftauth=pubkey
    leftcert=serverCert.der
    leftid=server1234.ddns.net
    leftfirewall=yes
    right=%any
    rightauth=eap-mschapv2
    rightsourceip=%dhcp
    rightdns=192.168.1.1
    eap_identity=%any
    auto=add

and

/etc/strongswan.d/charon/dhcp.conf has:

dhcp {
    force_server_address = yes
    load = yes
    server = 192.168.1.255
}

regards,
Yudi