[strongSwan] IPsec drop policies 2
reterverv ercertecrterc
bernd1293 at inbox.lv
Mon Jan 20 17:48:47 CET 2020
Hello.
I now have the following configuration. The connection is blocked before the configuration is started. That is also correct.
But when the connection is established, I have no internet connection.
What is missing in the configuration?
Best regards
Bernd
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
connections {
    dropall {
        children {
            dropall {
                local_ts = 0.0.0.0/0
                remote_ts = 0.0.0.0/0
                priority = 2
                mode = drop
                start_action = trap
            }
        }
    }
    lan-passthrough {
        children {
            lan-passthrough {
                local_ts = 192.168.1.0/24 # Replace with your LAN subnet
                remote_ts = 192.168.1.0/24 # Replace with your LAN subnet
                priority = 1
                mode = pass
                start_action = trap
            }
        }
    }
    pp {
        unique = never
        version = 2
        keyingtries = 0
        dpd_delay = 300s
        rekey_time = 0
        encap = yes
        proposals = aes256-sha256-modp2048
        vips = 0.0.0.0
        send_cert = never
        send_certreq = yes
        local_addrs = 192.168.1.1 # Replace with your default Router IP address
        remote_addrs = <PP Server IP> # Replace with your PP Server IP
        local {
            id = 192.168.1.1 # Replace with your default Router IP address
            auth = eap-mschapv2
            eap_id = Username # Replace with your PP-Username
        }
        remote {
            id = %any
            auth = pubkey
        }
        children {
            pp {
                dpd_action = start
                close_action = start
                inactivity = 36000s
                life_time = 0
                esp_proposals = aes256-sha256
                updown = /etc/swanctl/updown.sh
                remote_ts = 0.0.0.0/0
                priority = 1
                mode = tunnel
                start_action = none # "none" is for manual start, or use "start" for autostart
            }
        }
    }
} # connections
secrets {
    eap-user {
        id = Username # Replace with your PP-Username
        secret = "Password" # Replace with your "PP-Password"
    }
} # secrets
-------------------------------------------------------------------------------------------------------------------------------------------------------------
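The three children in the posted swanctl.conf become three IPsec policies, and the kernel picks the matching policy with the lowest priority value (fixed `priority` values as in the post; lower value wins). The following is an added illustration, not code from Bernd's post or from strongSwan: it models that selection for a few constructed flows, once with only the two trap policies loaded (tunnel down) and once with the `pp` child added (tunnel up). The `pp` child sets no `local_ts`, so its local side is modelled as an assumed virtual IP (10.99.0.2/32, a placeholder); that value, the sample flows and the `cleartext_egress` fail-closed check are assumptions for the example, and equal-priority ties are resolved only by list order.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    local_ts: str
    remote_ts: str
    mode: str        # "drop", "pass" or "tunnel", as in swanctl.conf
    priority: int    # fixed policy priority: the lower value wins in the kernel


# Policies present when only the two trap connections are loaded (tunnel down).
# Values copied from the posted configuration.
TUNNEL_DOWN = [
    Policy("dropall", "0.0.0.0/0", "0.0.0.0/0", "drop", 2),
    Policy("lan-passthrough", "192.168.1.0/24", "192.168.1.0/24", "pass", 1),
]

# Once "pp" is established its child policy is added. The post sets no local_ts
# for it; with vips the local side is the assigned virtual IP. The address below
# is a constructed placeholder (assumption), not a value from the post.
VIRTUAL_IP = "10.99.0.2/32"
TUNNEL_UP = TUNNEL_DOWN + [Policy("pp", VIRTUAL_IP, "0.0.0.0/0", "tunnel", 1)]

# Constructed sample flows (src, dst): a LAN host talking to the router, a LAN
# host and the virtual IP talking to an Internet address.
SAMPLE_FLOWS = [
    ("192.168.1.50", "192.168.1.1"),
    ("192.168.1.50", "203.0.113.10"),
    ("10.99.0.2", "203.0.113.10"),
]


def matches(policy: Policy, src: str, dst: str) -> bool:
    """True if src/dst fall inside the policy's local/remote traffic selectors."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(policy.local_ts)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(policy.remote_ts))


def select(policies, src: str, dst: str):
    """Return the matching policy with the lowest priority value, or None.

    min() keeps the first of equal-priority candidates, so ties follow list order;
    the real kernel ordering for ties is not modelled here.
    """
    candidates = [p for p in policies if matches(p, src, dst)]
    if not candidates:
        return None
    return min(candidates, key=lambda p: p.priority)


def effective_mode(policies, src: str, dst: str) -> str:
    """Mode the kernel would apply to an outbound src -> dst packet."""
    chosen = select(policies, src, dst)
    return chosen.mode if chosen else "no policy"


def cleartext_egress(policies, flows, lan="192.168.1.0/24"):
    """Fail-closed check: flows to destinations outside the LAN that would leave
    unprotected (passed in clear or matched by no policy at all)."""
    lan_net = ipaddress.ip_network(lan)
    leaks = []
    for src, dst in flows:
        if ipaddress.ip_address(dst) in lan_net:
            continue
        if effective_mode(policies, src, dst) in ("pass", "no policy"):
            leaks.append((src, dst))
    return leaks


if __name__ == "__main__":
    for label, policies in (("tunnel down", TUNNEL_DOWN), ("tunnel up", TUNNEL_UP)):
        for src, dst in SAMPLE_FLOWS:
            print(f"{label:11} {src:>13} -> {dst:<13} {effective_mode(policies, src, dst)}")
        print(f"{label:11} cleartext egress: {cleartext_egress(policies, SAMPLE_FLOWS)}")
```

Run as-is, the model shows the LAN-to-router flow hitting `pass` in both states and Internet-bound traffic hitting `drop` while the tunnel is down, which is the fail-closed behaviour the post reports as correct. With the tunnel up, only traffic whose source is inside the `pp` child's local selector reaches `tunnel`; any flow outside that selector still lands on `dropall`, so when debugging a setup like this, compare the installed selectors (`swanctl --list-sas` and `ip xfrm policy`) against the actual source addresses of the traffic.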