[Swan] ikev2 and win7
Paul Wouters
paul at nohats.ca
Wed May 13 06:26:50 EEST 2015
On Tue, 12 May 2015, Bob Miller wrote:
> I think I got it figured out. In the hopes it is useful to others, this is
> what I did:
Thanks, I'll put this up on the Wiki!
> It seems that routing is a different game here. The way I used to do it was
> set the leftsubnet to be that of the remote network, then use iptables to do
> FORWARD between the networks, and then a NAT rule to allow internet access.
> I found that using this config, the leftsubnet *also* has to be set to
> 0.0.0.0/0 in order to allow internet traffic.
>
> I am not really clear on the narrowing function, I think I need to learn more
> on that, but that will be for another day. Thanks again for the pointer,
> Paul...
Narrowing basically lets a client ask for a subnet, and the server to
respond with a narrowed set of that. So you ask for 0.0.0.0/0 and you
get, say, 10.0.0.0/8.
Gory details are at https://tools.ietf.org/html/rfc7296#section-2.9
For a quick overview, see "narrowing" in the "man ipsec.conf"
documentation.
Paul
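
The narrowing described in the message above, as an added example that is not part of the original post and is not libreswan code. It is a simplified model of RFC 7296 section 2.9 (IPv4 only, one selector per side); the TrafficSelector class and narrow() function are hypothetical names, and the addresses are constructed sample values.

```python
# Added illustration (not libreswan code): simplified IKEv2 traffic-selector
# narrowing per RFC 7296 section 2.9. IPv4 only, one selector per side.
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY_PROTO = 0  # RFC 7296: IP protocol ID 0 means "any protocol"


@dataclass(frozen=True)
class TrafficSelector:
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address
    proto: int = ANY_PROTO
    port_lo: int = 0
    port_hi: int = 65535

    @classmethod
    def from_cidr(cls, cidr, proto=ANY_PROTO, port_lo=0, port_hi=65535):
        net = ipaddress.ip_network(cidr)
        return cls(net.network_address, net.broadcast_address, proto, port_lo, port_hi)

    def cidrs(self):
        """Address range rendered as the minimal list of CIDR blocks."""
        return [str(n) for n in ipaddress.summarize_address_range(self.start, self.end)]


def narrow(proposed: TrafficSelector, policy: TrafficSelector) -> Optional[TrafficSelector]:
    """Return the part of `proposed` that `policy` allows, or None when
    nothing overlaps (a real responder would answer TS_UNACCEPTABLE)."""
    start, end = max(proposed.start, policy.start), min(proposed.end, policy.end)
    lo, hi = max(proposed.port_lo, policy.port_lo), min(proposed.port_hi, policy.port_hi)
    if start > end or lo > hi:
        return None
    if ANY_PROTO in (proposed.proto, policy.proto):
        proto = proposed.proto or policy.proto  # the specific protocol wins
    elif proposed.proto == policy.proto:
        proto = proposed.proto
    else:
        return None
    return TrafficSelector(start, end, proto, lo, hi)


if __name__ == "__main__":
    # Constructed values matching the example in the message above.
    asked = TrafficSelector.from_cidr("0.0.0.0/0")
    allowed = TrafficSelector.from_cidr("10.0.0.0/8")
    print(narrow(asked, allowed).cidrs())
```

The None case is the one to watch when debugging: a proposal that does not overlap the responder's policy at all cannot be narrowed, so the child SA is refused rather than silently widened.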