[Swan] IPsec/L2TP Subnet Restriction

Chris Seguin segchris at gmail.com
Tue Mar 29 18:00:23 UTC 2016


Hello, I’m totally stuck and hoping someone can help me out. We currently
have a VPN set up for site-to-site IPsec, and now I want to allow a road
warrior connection and limit that connection to certain subnets. I’ve been
testing and messing with it for days and, no matter what, when I connect the
user can ping everything connected to the VPN server. I assume I’m failing
to understand, but I believed “leftsubnets=” was to restrict what
networks the connected host had access to? Can anyone shed light on how I
can do this?

My connection description looks like the following:

conn RWConn # road warrior connection description
  authby=secret
  pfs=no
  auto=add
  keyingtries=3
  rekey=no
  type=transport
  left=x.x.x.x
  leftnexthop=%defaultroute
  leftprotoport=17/1701
  leftsubnets={ 192.168.10.0/24 }
  right=%any
  rightsubnet=vhost:%priv,%no
  rightprotoport=17/%any
  dpddelay=40
  dpdtimeout=130
  dpdaction=clear


My goal is to use certificates but for now I'm just trying to get the
subnet restriction to work with PSK.



Thanks.
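As an added example (editor's code, not part of the post and not libreswan's own tooling), a small Python check that parses a conn block like the one above and flags the two points a reviewer would raise: in transport-mode L2TP/IPsec the SA protects only the UDP/1701 packets between gateway and client, so leftsubnets does not limit what the PPP session carried inside it can reach (that restriction has to be enforced on the ppp interface, e.g. with firewall rules), and authby=secret with right=%any means one group PSK shared by every client. SAMPLE_CONF is constructed from the posted conn; the function names are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed sample input: the RWConn block from the post (the options the checks use).
SAMPLE_CONF = """\
conn RWConn # road warrior connection description
  authby=secret
  type=transport
  left=x.x.x.x
  leftprotoport=17/1701
  leftsubnets={ 192.168.10.0/24 }
  right=%any
  rightsubnet=vhost:%priv,%no
  rightprotoport=17/%any
"""

def parse_conns(text: str) -> Dict[str, Dict[str, str]]:
    """Parse ipsec.conf 'conn NAME' sections into {name: {option: value}}."""
    conns: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # strip trailing comments
        if not line.strip():
            continue
        header = re.match(r"^conn\s+(\S+)", line)
        if header:
            current = header.group(1)
            conns[current] = {}
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns

def audit_l2tp_conn(name: str, opts: Dict[str, str]) -> List[str]:
    """Findings for a road-warrior L2TP/IPsec conn (transport mode, UDP/1701)."""
    findings: List[str] = []
    l2tp = opts.get("type") == "transport" and opts.get("leftprotoport", "").replace(" ", "") == "17/1701"
    if l2tp and "leftsubnets" in opts:
        # The transport-mode SA covers only UDP/1701 gateway<->client; the PPP
        # session carried inside it is not filtered by leftsubnets.
        findings.append(f"{name}: leftsubnets does not restrict PPP traffic; "
                        "filter on the ppp interface (firewall) instead.")
    if opts.get("authby") == "secret" and opts.get("right") == "%any":
        findings.append(f"{name}: authby=secret with right=%any is one group PSK shared by all clients.")
    return findings

def audit(text: str) -> List[str]:
    return [f for name, opts in parse_conns(text).items() for f in audit_l2tp_conn(name, opts)]
```

Running `audit(SAMPLE_CONF)` returns both findings for RWConn; a tunnel-mode site-to-site conn without a shared PSK produces none.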