[Swan] Static ip for clients ikev1+xauth
Jonas Trollvik
jontro at gmail.com
Wed Apr 22 20:46:35 EEST 2015
Hello,
after reading that IKEv1+xauth now is the recommended way for doing
vpn over ipsec I started out configuring it as specified in
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
I have a connection that looks like the following:

conn xauth-rsa
    authby=secret
    pfs=no
    auto=add
    rekey=no
    left=<my ip>
    leftid=<my id>
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    rightaddresspool=192.168.42.100-192.168.42.250
    right=%any
    modecfgdns1=8.8.8.8
    modecfgdns2=8.8.4.4
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    ike-frag=yes
    xauthby=file

The connection works fine from macosx, however what I would like to do
is set a static ip for certain connecting clients. Either based on
group id, xauth username or shared secret.
Also I would like to enable split tunneling, how would one do this,
currently all traffic is routed through the vpn (there is no option
in the built in macos client to turn this off), I would only like to
route through certain ip ranges, is it possible to control this from
libreswan?
Running on libreswan head as of 4499dca1521fa16901efd9e380f6cf9da44d7f47
Kind regards
Jonas