[strongSwan] access to multiple subnets

Yudi V yudi.tux at gmail.com
Sun Jan 15 15:51:00 CET 2017


Hi all,

Got strongSwan VPN on an OpenWrt gateway acting as the server. The OpenWrt
router has two VLANs (say 192.168.1.0/24, 192.168.2.0/24). I used
rightsourceip=%dhcp and let the remote peer get an IP from 192.168.1.0/24.

This works fine and I can access resources (mostly network shares) in
192.168.1.0/24 but I would also like to access resources in 192.168.2.0/24.
I cannot seem to figure out how to do this.

Normally when I am connected to the OpenWrt gateway directly I can access
the resources in both VLANs (it has the appropriate rules in the firewall).

I did not add any specific firewall rules relating to the strongSwan setup
except for ESP, AH, port 500 and 4500 on the WAN side. Not sure what settings
need to be changed to get access to the other subnet.
I would appreciate any suggestions.
I have added the relevant settings below

/etc/ipsec.conf has:

conn rw
        left=%any
        leftsubnet=0.0.0.0/0,::0
        leftauth=pubkey
        leftcert=serverCert.der
        leftid=server1234.ddns.net
        leftfirewall=yes

        right=%any
        rightauth=eap-mschapv2
        rightsourceip=%dhcp
        rightdns=192.168.1.1
        eap_identity=%any
        auto=add

and
/etc/strongswan.d/charon/dhcp.conf has:

dhcp {
    force_server_address = yes
    load = yes
    server = 192.168.1.255
}


regards,
Yudi
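An added diagnostic for the question above; it is not part of the original post and not strongSwan code. It parses the quoted "conn rw" block, checks whether the configured leftsubnet traffic selectors cover both VLANs named in the post, and checks whether a client that was given an address from the first VLAN has to be forwarded by the gateway to reach the second. With leftsubnet=0.0.0.0/0,::0 the selectors already cover both subnets, which narrows the search to routing and the gateway's forwarding rules. The ipsec.conf text is constructed from the post, and the helper names are this example's own; it assumes Python 3.7+ for ipaddress.subnet_of.

```python
"""Check which LAN subnets a strongSwan road-warrior 'conn' actually offers
as IKEv2 traffic selectors, and which of them a VPN client can only reach
via the gateway's forwarding path.  Diagnostic example, not strongSwan code."""
import ipaddress
import re

# Constructed sample: the poster's 'conn rw' block, quoted as plain text.
IPSEC_CONF = """\
conn rw
        left=%any
        leftsubnet=0.0.0.0/0,::0
        leftauth=pubkey
        leftcert=serverCert.der
        leftid=server1234.ddns.net
        leftfirewall=yes

        right=%any
        rightauth=eap-mschapv2
        rightsourceip=%dhcp
        rightdns=192.168.1.1
        eap_identity=%any
        auto=add
"""

# The two gateway VLANs named in the post.
LAN_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24"]


def parse_conn(conf_text, name):
    """Return the key=value settings of one 'conn <name>' section."""
    settings = {}
    in_section = False
    for line in conf_text.splitlines():
        header = re.match(r"^(conn|ca|config)\s+(\S+)", line)
        if header:
            in_section = header.group(1) == "conn" and header.group(2) == name
            continue
        stripped = line.strip()
        if in_section and "=" in stripped and not stripped.startswith("#"):
            key, _, value = stripped.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def parse_subnets(value):
    """Turn a comma-separated leftsubnet/rightsubnet value into networks.
    '::0' (as written in the post) is accepted alongside the usual '::/0'."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item == "::0":
            item = "::/0"
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def selector_covers(selectors, subnet):
    """True if the traffic selector set fully contains the given subnet."""
    target = ipaddress.ip_network(subnet, strict=False)
    return any(target.version == ts.version and target.subnet_of(ts)
               for ts in selectors)


def coverage_report(conf_text, conn_name, lan_subnets):
    """Map each LAN subnet to whether the conn's leftsubnet covers it."""
    conn = parse_conn(conf_text, conn_name)
    if "leftsubnet" not in conn:
        # Without leftsubnet only the gateway's own address is offered.
        return {s: False for s in lan_subnets}
    selectors = parse_subnets(conn["leftsubnet"])
    return {s: selector_covers(selectors, s) for s in lan_subnets}


def needs_forwarding(lan_subnet, client_pool):
    """True if a client addressed from client_pool is not itself inside
    lan_subnet, so its packets must pass the gateway's forwarding (FORWARD)
    rules to get there.  In the post the DHCP-assigned client address comes
    from 192.168.1.0/24, so 192.168.2.0/24 is only reachable that way."""
    pool = ipaddress.ip_network(client_pool, strict=False)
    lan = ipaddress.ip_network(lan_subnet, strict=False)
    return not (pool.version == lan.version and pool.subnet_of(lan))


if __name__ == "__main__":
    for subnet, covered in coverage_report(IPSEC_CONF, "rw", LAN_SUBNETS).items():
        fwd = needs_forwarding(subnet, "192.168.1.0/24")
        print(f"{subnet}: in traffic selector={covered}, needs forwarding={fwd}")
```

Run as-is it reports both VLANs as covered by the selector and only 192.168.2.0/24 as requiring forwarding; narrowing leftsubnet to 192.168.1.0/24 in the sample text makes the second VLAN drop out of the report, which is the symptom to look for when a client can see one subnet but not the other.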