[strongSwan] help setting up connection for 1 type of traffic
Lewis Robson
robsonl at conscious.co.uk
Wed Jul 14 12:42:32 CEST 2021
Just a follow-up: it's the auto line that stops the connection, not the type.
Thanks
On 14/07/2021 11:30, Lewis Robson wrote:
> Hello all.
>
> I've been stuck on this one for many, many hours now!
>
> I am trying to set up a connection (split routing?) that will allow 1
> type of traffic, and the rest will be normally routed through the
> user's device as per their usual connection.
>
> e.g. if they hit x IP address with y service, it will be allowed
> through; otherwise, if they went to Google and did a "what's my IP", their
> current IP will show and not the IPsec IP.
>
>
>
> With my current setup, IPsec is working but users get the IPsec IP.
> If I set transport mode, I can still connect to the VPN; however, it
> stops me being able to SSH on until I stop the strongSwan service.
>
> Here is my config:
>
> conn into-ext-vpn
>     auto=route
>     compress=no
>     type=tunnel
>     keyexchange=ikev2
>     fragmentation=yes
>     forceencaps=yes
>     dpdaction=clear
>     dpddelay=300s
>     rekey=no
>     left=%any
>     leftid=servers external ip
>     leftcert=server-cert.pem
>     leftsendcert=always
>     leftsubnet=0.0.0.0/0
>     right=%any
>     rightid=%any
>     rightauth=eap-mschapv2
>     rightsourceip=10.0.3.0/24
>     rightdns=8.8.8.8,8.8.4.4
>     rightsendcert=never
>     eap_identity=%identity
>     ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
>     esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!
>
>
>
> Please can someone advise on how to go about setting it up so that I
> can have users connect in when they request 1 specific service;
> otherwise they continue to use their current network.
>
>
> Thank you
>
>
--
Lewis Robson
Systems Administrator
Conscious Solutions Limited
Tel: 0117 325 0200
Web: https://www.conscious.co.uk
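Added example, not from this thread or the strongSwan project: a small Python check that parses an ipsec.conf conn block like the one quoted above and reports what its leftsubnet traffic selector makes the client tunnel (0.0.0.0/0 is a full tunnel, which is why clients show the IPsec IP; strongSwan's subnet[proto/port] selector syntax narrows it to one host and service) and which ike/esp proposals still carry legacy algorithms. The sample conn text is constructed from the thread's config, and the list of weak tokens is this example's own judgement.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's conn block (not a real deployment).
SAMPLE_CONF = """\
conn into-ext-vpn
    auto=route
    type=tunnel
    keyexchange=ikev2
    leftsubnet=0.0.0.0/0
    rightsourceip=10.0.3.0/24
    ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=chacha20poly1305-sha512,aes256-sha1,3des-sha1!
"""

WEAK = ("3des", "des", "md5", "sha1", "modp768", "modp1024", "null")
# One leftsubnet entry: <subnet>[<proto>/<port>], bracket part optional.
TS_RE = re.compile(r"^([^\[]+)(?:\[([a-z0-9]+)(?:/([a-z0-9]+))?\])?$")

def parse_conn(text):
    """Return {conn name: {key: value}} for every conn section in text."""
    conns, cur = {}, None
    for line in text.splitlines():
        if line.startswith("conn "):
            cur = conns.setdefault(line.split(None, 1)[1].strip(), {})
        elif cur is not None and line[:1].isspace() and "=" in line:
            key, val = line.strip().split("=", 1)
            cur[key.strip()] = val.strip()
    return conns

def selectors(value):
    # Split a leftsubnet value into (network, proto, port) tuples.
    out = []
    for ts in filter(None, (t.strip() for t in value.split(","))):
        m = TS_RE.match(ts)
        out.append((ipaddress.ip_network(m.group(1), strict=False), m.group(2), m.group(3)))
    return out

def audit(conn):
    """List what the client will tunnel (from leftsubnet) and any weak proposals."""
    findings = []
    for net, proto, port in selectors(conn.get("leftsubnet", "")):
        label = "full-tunnel (all client traffic)" if net.prefixlen == 0 else "split-tunnel"
        findings.append(f"{label}: {net} {proto or 'any'}/{port or 'any'}")
    for key in ("ike", "esp"):
        for prop in conn.get(key, "").rstrip("!").split(","):
            bad = [w for w in WEAK if w in prop.split("-")]
            if bad:
                findings.append(f"weak {key} proposal {prop}: {', '.join(bad)}")
    return findings
```

Running `audit(parse_conn(SAMPLE_CONF)["into-ext-vpn"])` reports the full tunnel and four weak proposals; a conn with `leftsubnet=203.0.113.10/32[tcp/22]` (documentation placeholder address) reports a single split-tunnel selector instead.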