[strongSwan] help needed for split VPN

Marco Ertel marco.ertel at web.de
Tue Mar 19 08:20:51 CET 2019


Hello,

I am a newbie to ipsec. I was able to set up a working VPN but struggled with the split setup.

My setup is a normal home setup:

- DSL connection from my home network (192.168.178.0/24)
- DSL router (192.168.178.1) (ESP and needed UDP ports are forwarded to the Raspberry)
- Raspberry (192.168.178.xx) with running ipsec
- my mobile devices get an address in the range 192.168.179.1-192.168.179.50

 
I can connect and use the VPN from my laptop connected to a mobile network. But all traffic is then routed over my home network (which is working but I only want to have the traffic for 192.168.178.0/24 routed over VPN).
I think I have to use several connections in ipsec.conf with the passthrough policy but I tried a lot of variants and googled much more and was not able to get it running.

Can somebody here help me or give me a hint?

Here is my actual ipsec.conf:

 
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=@my.external.address
    leftcert=/etc/ipsec.d/certs/vpn-server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightdns=192.168.178.1
    rightsourceip=192.168.179.1-192.168.179.50
    rightsendcert=never
    eap_identity=%identity
 
Many thanks and Kind Regards,

Marco
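
Added example, not part of the original post and not strongSwan code: a small Python check that reads ipsec.conf-style text and reports which destinations fall inside the local traffic selectors (leftsubnet) a conn offers to clients. The conn name ikev2-vpn-split and its narrowed leftsubnet=192.168.178.0/24 are hypothetical, built from the home network named in the post; the check models only the server-side selectors and assumes plain CIDR values without protocol/port suffixes.

```python
import ipaddress

# Constructed sample: the two relevant keys of the conn from the post, plus a
# hypothetical variant whose leftsubnet is narrowed to the home LAN.
SAMPLE = """\
conn ikev2-vpn
    leftsubnet=0.0.0.0/0
    rightsourceip=192.168.179.1-192.168.179.50

conn ikev2-vpn-split
    leftsubnet=192.168.178.0/24
    rightsourceip=192.168.179.1-192.168.179.50
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def local_selectors(conn):
    """leftsubnet as a list of networks (comma-separated CIDR values)."""
    return [ipaddress.ip_network(s.strip(), strict=False)
            for s in conn.get("leftsubnet", "").split(",") if s.strip()]

def tunneled(conn, destination):
    """True if destination lies inside a selector the server offers."""
    addr = ipaddress.ip_address(destination)
    return any(addr.version == n.version and addr in n for n in local_selectors(conn))

def is_full_tunnel(conn):
    """A /0 selector matches every destination, so all traffic is tunneled."""
    return any(n.prefixlen == 0 for n in local_selectors(conn))

if __name__ == "__main__":
    for name, conn in parse_conns(SAMPLE).items():
        print(name, "full tunnel" if is_full_tunnel(conn) else "split",
              {d: tunneled(conn, d) for d in ("192.168.178.20", "198.51.100.7")})
```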

 