[strongSwan] Strongswan. Address definition/Routing.

Aleksey Kravchenko gmkrab at gmail.com
Thu Sep 14 10:03:29 CEST 2017


Hello, Noel. Thanks for the answer. Unfortunately, there is no way to
bypass.As a solution we can use the second white IP for Strongswan, and the
web server on the 1st IP.

2017-09-13 22:17 GMT+03:00 Noel Kuntze <
noel.kuntze+strongswan-users-ml at thermi.consulting>:

> Hi,
>
> That is because Windows and MacOS implement crappy route based IPsec which
> conceptually can not protect traffic to the IKE peer's
> address (unless policy based routing is used, which neither Windows nor
> MacOS implement).
>
> Kind regards
>
> Noel
>
> On 13.09.2017 17:14, Aleksey Kravchenko wrote:
> > Hello.I need your advice.
> > The work of Strongswan + IKEv2 is configured. Everything works fine (on
> iOS, macOS, windows, linux), but I noticed strange behavior in VPN's work.
> There is a server on which Strongswan and Nginx are installed.When you
> connect to the VPN and go to the site which is located in the same place as
> the strongswan daemon, the nginx log shows different addresses for
> connections. For instance:android / linux -> login from the address issued
> by the VPN  (for example, 192.168.1.2).
> > windows / macos -> login from the usual address (provider address).
> > But if you go to the IP detection server, the result for all devices is
> the same: you logged in from the VPN server.Maybe you have any thoughts
> about this? Thank you!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170914/2b6d475d/attachment.html>


More information about the Users mailing list