[strongSwan] Not Able to Connect

Info infosec at quantum-equities.com
Thu Mar 29 20:12:04 CEST 2018


On 03/29/2018 10:21 AM, Andreas Steffen wrote:
> Hi,
>
> yes you can fully integrate a remote host into a LAN by using the
> farp and dhcp plugins on the VPN gateway so that the gateway
> acts as an ARP proxy for the remote clients. Have a look at the
> following example scenario based on swanctl:
>
>   https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/
>
> In swanctl.conf
>
>
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.swanctl.conf
>
> use pools = dhcp and in strongswan.conf
>
>
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.strongswan.conf
>
> define the DHCP server to be used.
>
> Regards
>
> Andreas
Thanks Andreas.  You likely know (but for the benefit of others), things
are done differently in RHEL.  For the plugins normally loaded by
/etc/strongswan/strongswan.conf, in the case of RHEL there's just a call to:
charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
        }
}

... and in that directory there's a .conf for each plugin.  Given the
charon.log, all required plugins are already being loaded without my
intervention (at least for charon, Idk about swanctl), including farp
and dhcp.  Since I no longer use the stroke plugin I set in its .conf
file load = no.  And in dhcp.conf I set  server = 192.168.1.10 which
will be the LAN DHCP server.

Thing is since I run servers I've always used static IPs, so I'll have
to figure out DHCP predictable assignment.  But with the transition to
IPv6 I will be using DHCP exclusively. (for the love of all that's holy)
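
An added example, not part of the original post or of strongSwan's own code: a small Python check that reads per-plugin .conf files in the modular layout described above and reports each plugin's load setting and the dhcp server address. The file contents are constructed samples, the directory path is derived from the paths in the post, and the function names are hypothetical.

```python
import re
from pathlib import Path

# Constructed sample contents for strongswan.d/charon/*.conf, mirroring the
# settings described in the post (not copied from a real host).
SAMPLE = {
    "dhcp.conf": "dhcp {\n    # constructed sample\n    load = yes\n    server = 192.168.1.10\n}\n",
    "farp.conf": "farp {\n    load = yes\n}\n",
    "stroke.conf": "stroke {\n    load = no\n    # timeout = 0\n}\n",
}

SETTING = re.compile(r"^([\w.-]+)\s*=\s*(.*)$")

def parse_plugin_conf(text):
    """Return (plugin_name, settings) for one single-section plugin file."""
    name, settings, depth = None, {}, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            if depth == 1:
                name = line[:-1].strip()     # top-level section is the plugin
        elif line == "}":
            depth -= 1
        elif depth == 1:
            m = SETTING.match(line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return name, settings

def audit(files):
    """Map plugin name -> settings for files given as {filename: text}."""
    return dict(parse_plugin_conf(text) for text in files.values())

def read_dir(path="/etc/strongswan/strongswan.d/charon"):
    """Load the real files on a host (path assumed from the post's layout)."""
    return {p.name: p.read_text() for p in sorted(Path(path).glob("*.conf"))}

if __name__ == "__main__":
    for plugin, cfg in audit(SAMPLE).items():
        print(f"{plugin}: load={cfg.get('load', '(unset)')} {cfg.get('server', '')}")
```

On a host, pass `read_dir()` to `audit()` instead of `SAMPLE` and compare the result with the plugin list charon.log reports at startup.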
