[strongSwan] Strongswan part of Ubuntu 18.04 LTS = Duplicate client IPs.. and same for Ubuntu 20.04 LTS
Magnus Larsson
list at mserv.pw
Tue Dec 1 03:54:24 CET 2020
Hi,
I upgraded my Ubuntu 16.04 LTS to 18.04 LTS (and now same for 20.04 LTS) but after upgrading all my VPN clients get the same IP; this does not happen in 16.04 with the exact same strongswan config….
$ cat /etc/ipsec.conf
config setup
    charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=3des-sha1-modp1024!
    esp=3des-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=@my.domain.com
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.0.214.220-10.0.214.250
    rightdns=10.0.214.1
    rightsendcert=never
    eap_identity=%identity
All clients get assigned the first IP in the range, 10.0.214.220 - in this case all 3 clients have this address, see below (both 18.04 LTS and 20.04 LTS)
root@vpn:~# ipsec leases
Leases in pool '10.0.214.220-10.0.214.250', usage: 1/31, 1 online
10.0.214.220 online 'userid'
root@vpn:~#
With 16.04 LTS it works as intended:
root@vpn:~# ipsec leases
Leases in pool '10.0.214.220-10.0.214.250', usage: 3/31, 3 online
10.0.214.220 online 'userid'
10.0.214.221 online 'userid'
10.0.214.222 online 'userid'
root@vpn:~#
If I change:
rightsourceip=10.0.214.220-10.0.214.250
to:
rightsourceip=10.0.214.0/24
The VPN server then hands out unique IPs in both 18.04 LTS and 20.04 LTS, but I don't want the VPN server to use the whole subnet. Any suggestions?
Thanks,
Magnus