[Swan] Host to subnet setup ?

Glenn Pierce glennpierce at gmail.com
Thu Mar 31 15:24:13 UTC 2016


Hi

I am new to libreswan and I am having a little trouble with the config.

Basically I want to access a private network 10.0.128.0/22 from a
public server, i.e.

Host to subnet but I can find examples for that setup.

The public server is a standard Linux server (CentOS 7). The private
network will have a MikroTik router as the VPN gateway.
Before setting up for real I am testing at my house, so I have the
added complication of being stuck behind my ISP router.
I have placed the MikroTik router (first gateway) in a DMZ and
configured my home ISP router to forward all traffic to the
MikroTik gateway.


The following image shows this setup better

http://89.200.143.48:8000/f/511e58a0c0/

I have started with a site to site config and have something like this

conn tunnel
    left=81.175.246.157       # External ISP-assigned address
    right=89.200.138.2         # Public server IP
    authby=secret
    # load and initiate automatically
    auto=start

conn private
    also=tunnel
    leftsubnet=10.0.128.0/22       # Private network side of MikroTik router
    rightsubnet=192.168.1.222/32   # "Public" side of MikroTik router

conn server
    also=tunnel


So 192.168.1.222 is the external IP of the MikroTik router (assigned
from my ISP router).


I just get lots of STATE_MAIN_I3: retransmission; will wait 500ms for
response etc
when bringing up the connection.

I'm sure I should have more in the conn server section as well.

Any advice would be great thanks.

