[Swan] cannot get traffic to lan when using xauth and pool address is on lan segment
Antonio Silva
asilva at wirelessmundi.com
Wed Apr 12 09:24:56 UTC 2017
Hi,
My current setup:
               --- eth0 (192.168.0.254/24)
WAN --- router --- vlan 1 on eth0 (192.168.168.254/24)
I set the IPsec conn with
rightaddresspool=192.168.168.87-192.168.168.90, the connection is
established and I get the IP 192.168.168.87 on my device.
I can then connect to the server against the IP 192.168.168.254, so far
so good.
But when I try to connect to a LAN device, like 192.168.168.249, I can't.
In tcpdump on the router I see the LAN device sending the ARP request
"who has 192.168.168.87", but no reply from the router. I've set
proxy ARP on the interface as suggested on the wiki
(https://libreswan.org/wiki/FAQ#Can_I_hand_out_LAN_IP_addresses_in_the_addresspool.3F),
but no luck...
net.ipv4.conf.eth0.proxy_arp=1
From the router I can ping 192.168.168.87.
Any suggestions on how to solve this? Or is this configuration not ideal,
and must I define a different pool for the VPN side?
Thanks,
António