[Swan] Host to subnet setup ?

Glenn Pierce glennpierce at gmail.com
Thu Mar 31 15:24:13 UTC 2016


I am new to libreswan and I am having a little trouble with the config.

Basically I want to access a private network from a
public server. I.e.

Host to subnet but I can find examples for that setup.

The public server is a standard Linux server (CentOS 7). The private
network will have a MikroTik router as the VPN gateway.
Before setting up for real I am testing at my house. So I have the
added complication of being stuck behind my ISP router.
I have placed the MikroTik router (first gateway) in a DMZ and
configured my home ISP router to forward all traffic to the
MikroTik gateway.

The following image shows this setup better

I have started with a site to site config and have something like this

conn tunnel
    left=       # External isp assigned address
    right=         # Public server IP
    # load and initiate automatically

conn private
    leftsubnet=             # Private network side of MikroTik router
    rightsubnet=   # "Public" side of MikroTik router

conn server

So is the external ip of the MikroTik router (assigned
from my ISP router)

I just get lots of STATE_MAIN_I3: retransmission; will wait 500ms for
response etc
when bringing up the connection.

I'm sure I should have more in the conn server section as well.

Any advice would be great thanks.
