[Swan] Android native VPN split tunneling howto : the peer proposed: 0.0.0.0/0:0/0
Anthony Alba
ascanio.alba7 at gmail.com
Thu May 7 07:52:00 EEST 2015
Hello,
Using libreswan 3.12 with the native Android VPN client.
I am using the example in
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
When I try to narrow the leftsubnet I get
    cannot respond to IPsec SA request because no connection is known for
    0.0.0.0/0===10.11.3.41
    the peer proposed: 0.0.0.0/0:0/0 -> 10.231.247.1/32:0/0
Is there a way to handle this situation?
The Android VPN client has an Advanced option which allows me to
configure split tunneling but I would prefer it to be handled by the
server side.
"The split tunneling directive will be sent automatically if the xauth
server side has configured a network other than 0.0.0.0/0"
conn xauth-rsa
    authby=rsasig
    pfs=no
    auto=add
    rekey=no
    left=10.11.3.41
    leftcert=xxxx
    leftid=@xxxx
    leftsendcert=always
    leftsubnet=192.168.100.0/24
    rightaddresspool=10.231.247.1-10.231.247.254
    right=%any
    rightid=%fromcert
    rightrsasigkey=%cert
    modecfgdns1=192.168.100.15
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=alwaysok
    ike-frag=yes
Anthony
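
Added example, not part of the original post and not libreswan code: a small Python check that reads the "the peer proposed" log line and the conn options quoted above, and reports where the proposed traffic selectors and the configured leftsubnet/rightaddresspool disagree. The trimmed conn text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input, copied from the log line and conn quoted in the post.
LOG_LINE = "the peer proposed: 0.0.0.0/0:0/0 -> 10.231.247.1/32:0/0"
CONN = """
conn xauth-rsa
    left=10.11.3.41
    leftsubnet=192.168.100.0/24
    rightaddresspool=10.231.247.1-10.231.247.254
"""

SELECTOR = re.compile(r"the peer proposed: (\S+?):\d+/\d+ -> (\S+?):\d+/\d+")


def parse_conn(text):
    """Return the key=value options of a single conn section as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts


def compare(log_line, conn_text):
    """Compare the proposed selectors with leftsubnet and rightaddresspool."""
    m = SELECTOR.search(log_line)
    if not m:
        raise ValueError("no 'the peer proposed' selectors in log line")
    ours = ipaddress.ip_network(m.group(1))    # what the client asked to reach
    theirs = ipaddress.ip_network(m.group(2))  # the client's own address
    opts = parse_conn(conn_text)
    configured = ipaddress.ip_network(opts["leftsubnet"])
    lo, hi = (ipaddress.ip_address(a) for a in opts["rightaddresspool"].split("-"))
    return {
        "proposed_local": str(ours),
        "configured_local": str(configured),
        "local_exact_match": ours == configured,
        "proposed_is_wider": configured.subnet_of(ours) and ours != configured,
        "remote_in_pool": lo <= theirs[0] and theirs[-1] <= hi,
    }


if __name__ == "__main__":
    for key, value in compare(LOG_LINE, CONN).items():
        print(f"{key}: {value}")
```

For the values in this post, the client's address falls inside the pool, but the network it asks to reach (0.0.0.0/0) is wider than the configured leftsubnet.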