[strongSwan] Not Able to Connect
Info
infosec at quantum-equities.com
Thu Mar 29 20:12:04 CEST 2018
On 03/29/2018 10:21 AM, Andreas Steffen wrote:
> Hi,
>
> yes you can fully integrate a remote host into a LAN by using the
> farp and dhcp plugins on the VPN gateway so that the gateway
> acts as an ARP proxy for the remote clients. Have a look at the
> following example scenario based on swanctl:
>
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/
>
> In swanctl.conf
>
>
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.swanctl.conf
>
> use pools = dhcp and in strongswan.conf
>
>
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.strongswan.conf
>
> define the DHCP server to be used.
>
> Regards
>
> Andreas
Thanks Andreas. You likely know (but for the benefit of others), things
are done differently in RHEL. For the plugins normally loaded by
/etc/strongswan/strongswan.conf, in the case of RHEL there's just a call to:
    charon {
        load_modular = yes
        plugins {
            include strongswan.d/charon/*.conf
        }
    }
... and in that directory there's a .conf for each plugin. Given the
charon.log, all required plugins are already being loaded without my
intervention (at least for charon, Idk about swanctl), including farp
and dhcp. Since I no longer use the stroke plugin I set in its .conf
file load = no. And in dhcp.conf I set server = 192.168.1.10 which
will be the LAN DHCP server.
Thing is, since I run servers I've always used static IPs, so I'll have
to figure out DHCP predictable assignment. But with the transition to
IPv6 I will be using DHCP exclusively. (for the love of all that's holy)
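
The per-plugin layout described in the message can be checked offline. This added example (not part of the original message and not strongSwan code) parses a simplified subset of the strongswan.conf syntax from constructed file contents and reports whether farp and dhcp are loaded and a DHCP server is set. The file contents, the function names and the treatment of a missing `load` key are assumptions.

```python
import re

# Constructed samples of per-plugin files under strongswan.d/charon/ (assumed contents).
SAMPLE_FILES = {
    "stroke.conf": "stroke {\n    # no longer used\n    load = no\n}\n",
    "farp.conf": "farp {\n    load = yes\n}\n",
    "dhcp.conf": "dhcp {\n    load = yes\n    server = 192.168.1.10\n}\n",
}
TOKEN = re.compile(r'#[^\n]*|[{}=]|"[^"]*"|[^\s{}=#"]+')
OFF = {"no", "false", "disabled", "0"}

def tokenize(text):
    """Split into braces, '=' and words; drop '#' comments."""
    return [t for t in TOKEN.findall(text) if not t.startswith("#")]

def parse_section(tokens, pos=0):
    """Parse 'key = value' pairs and nested 'name { ... }' blocks into a dict."""
    out = {}
    while pos < len(tokens) and tokens[pos] != "}":
        name, nxt = tokens[pos], tokens[pos + 1:pos + 3]
        if nxt[:1] == ["{"]:
            out[name], pos = parse_section(tokens, pos + 2)
            if pos >= len(tokens):
                raise ValueError(f"section {name!r} is not closed")
            pos += 1  # consume the closing '}'
        elif len(nxt) == 2 and nxt[0] == "=" and nxt[1] not in "{}=":
            out[name], pos = nxt[1].strip('"'), pos + 3
        else:
            raise ValueError(f"cannot parse near {name!r}")
    return out, pos

def plugin_report(files):
    """Map plugin name -> settings, with 'load' normalised to a bool."""
    report = {}
    for text in files.values():
        for plugin, cfg in parse_section(tokenize(text))[0].items():
            if isinstance(cfg, dict):
                # Assumption: with load_modular a plugin without 'load' is not loaded.
                loaded = str(cfg.get("load", "no")).lower() not in OFF
                report[plugin] = {**cfg, "load": loaded}
    return report

def check_lan_integration(report):
    """List what is missing for the farp + dhcp setup from the quoted reply."""
    problems = [f"{p} plugin not loaded" for p in ("farp", "dhcp")
                if not report.get(p, {}).get("load")]
    if not report.get("dhcp", {}).get("server"):
        problems.append("dhcp.server not set")
    return problems
```

To check a real host, build the dictionary from the files in the plugin directory instead of `SAMPLE_FILES`; an empty list from `check_lan_integration` means both plugins are enabled and a server address is configured.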