[Swan] IPsec/L2TP Subnet Restriction
Chris Seguin
segchris at gmail.com
Tue Mar 29 18:00:23 UTC 2016
Hello, I'm totally stuck and hoping someone can help me out. We currently
have a VPN set up for site-to-site IPsec, and now I want to allow a road-warrior
connection and limit that connection to certain subnets. I've been
testing and messing with it for days, and no matter what, when I connect, the
user can ping everything connected to the VPN server. I assume I'm failing
to understand something, but I believed "leftsubnets=" was meant to restrict which
networks the connected host had access to. Can anyone shed light on how I
can do this?
My connection description looks like the following:
conn RWConn                 # road warrior connection description
    authby=secret           # PSK for now; certificates planned
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport          # L2TP/IPsec: the SA protects only the L2TP packets
    left=x.x.x.x
    leftnexthop=%defaultroute
    leftprotoport=17/1701   # UDP/1701 (L2TP) on the server side
    leftsubnets={ 192.168.10.0/24 }
    right=%any
    rightsubnet=vhost:%priv,%no
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
My goal is to use certificates but for now I'm just trying to get the
subnet restriction to work with PSK.
Thanks.
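An added example, not part of the original post and not Libreswan project code. In an L2TP/IPsec road-warrior setup the conn is type=transport, so the IPsec SA covers only the UDP/1701 L2TP packets between the two peers; the client's actual traffic travels inside the L2TP/PPP tunnel and never passes through the IPsec subnet selectors, which is why leftsubnets= does not limit what the client can reach. What does see that traffic is the ppp interface pppd creates, so the restriction belongs in the firewall. The script below generates, and optionally applies, iptables rules that let traffic arriving on the PPP interfaces reach only the allowed LAN. It assumes pppd names the interfaces ppp0, ppp1, ... (matched as ppp+), that the allowed LAN is the poster's 192.168.10.0/24, and that the server forwards client traffic through its FORWARD chain; the chain name L2TP_RW is my choice.

```shell
#!/bin/sh
# Added example (not from the original post): restrict what an L2TP/IPsec
# road-warrior client can reach by filtering on the PPP interface instead of
# relying on IPsec selectors, which do not apply in transport mode.
#
# Assumptions (not taken from the original post):
#   - pppd creates ppp0, ppp1, ... for each L2TP session (matched as ppp+)
#   - the allowed LAN is 192.168.10.0/24 (the subnet in the poster's config)
#   - the chain name L2TP_RW is arbitrary

ALLOWED_SUBNET="${ALLOWED_SUBNET:-192.168.10.0/24}"
PPP_IF="${PPP_IF:-ppp+}"

# Emit the iptables commands one per line without executing them, so the
# rule set can be reviewed (or diffed against the live ruleset) first.
# $1 = allowed destination subnet, $2 = PPP interface pattern
l2tp_restrict_rules() {
    subnet="$1"
    iface="$2"
    cat <<EOF
iptables -N L2TP_RW 2>/dev/null || iptables -F L2TP_RW
iptables -A L2TP_RW -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A L2TP_RW -d ${subnet} -j ACCEPT
iptables -A L2TP_RW -j REJECT --reject-with icmp-admin-prohibited
iptables -D FORWARD -i ${iface} -j L2TP_RW 2>/dev/null || true
iptables -I FORWARD -i ${iface} -j L2TP_RW
EOF
}

# Apply the generated rules on this host (requires root and iptables).
# Re-running is safe: the chain is flushed and the jump rule re-inserted.
apply_l2tp_restrict_rules() {
    l2tp_restrict_rules "$1" "$2" | sh -e
}

case "${1:-}" in
    print) l2tp_restrict_rules "$ALLOWED_SUBNET" "$PPP_IF" ;;
    apply) apply_l2tp_restrict_rules "$ALLOWED_SUBNET" "$PPP_IF" ;;
esac
```

Run it with `print` to inspect the rules and `apply` (as root) to install them. The ESTABLISHED,RELATED rule lets replies to connections the LAN initiated toward the client pass; everything else from a ppp interface that is not destined for the allowed subnet is rejected. Traffic aimed at the VPN server itself arrives on INPUT rather than FORWARD, so add a matching INPUT rule if the server's own services should also be off-limits. The other way to get a real subnet restriction is to drop L2TP and run an IKEv2 road-warrior conn in tunnel mode with rightaddresspool=; there the client's traffic is carried directly by the IPsec SA, so leftsubnet= does constrain it.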