[Swan] Roadwarriors Setup With Routing
Paul Wouters
paul at nohats.ca
Tue Oct 31 12:43:51 UTC 2017
On Tue, 31 Oct 2017, Nirvana wrote:
>> Or you can set up one for 0.0.0.0/0 on the server, install firewall rules
>> there to limit traffic to the three networks, and give the client a custom
>> leftupdown= script that only routes those 3 subnets into the single VTI
>> device.
> Thanks for the response! I am doing what you suggested (0.0.0.0/0 on server and adding routes for VTI interface) and it appears to be working. For instance I am able to add a functioning
> route using: ip r a 192.168.2.0/24 dev vti9 scope link src 192.168.9.12
>
> However if I try to add routes using an updown script I am having an issue where vti9 isn't up yet so I can't add the routes yet. Below is how I was able to test that.
>
> In the client config I added: leftupdown=/etc/ipsec.updown
Did you copy the _updown.netkey script and make your additions to that
script? You still need the real updown script because that is the
script that actually creates the vti device.
> and created that executable shell script with the following contents:
> ip a
> exit 0
Is that a copy paste error? Because I see no script. But you really need
to take _updown.netkey and _add_ your custom things to that script.
Paul
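
An added example, not part of the original message and not Libreswan's own code: a leftupdown= script that still runs the stock updown script, which creates the VTI device, and only then adds the routes. It wraps the stock script instead of editing a copy of _updown.netkey as the reply recommends. Assumptions: "ipsec _updown" invokes the stock script, pluto exports PLUTO_VERB with up-client/down-client for this connection, and the variable names are hypothetical.

```shell
#!/bin/sh
# Constructed example of a leftupdown= wrapper; not Libreswan's own script.
# Assumptions: "ipsec _updown" runs the stock updown script, pluto exports
# PLUTO_VERB, and up-client/down-client are the verbs seen for this connection.
STOCK_UPDOWN="${STOCK_UPDOWN:-ipsec _updown}"  # real script, creates the VTI device
VTI_DEV="${VTI_DEV:-vti9}"                     # device name quoted in the thread
VTI_SRC="${VTI_SRC:-192.168.9.12}"             # source address quoted in the thread
SUBNETS="${SUBNETS:-192.168.2.0/24}"           # space-separated; add the others here
IP="${IP:-ip}"                                 # IP=echo prints instead of applying

# Return 0 once the VTI device exists, retrying once per second.
wait_for_dev() {
    tries="${1:-5}"
    while [ "$tries" -gt 0 ]; do
        $IP link show dev "$VTI_DEV" >/dev/null 2>&1 && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# $1 is "replace" (idempotent add) or "del"; one route per subnet.
apply_routes() {
    for net in $SUBNETS; do
        $IP route "$1" "$net" dev "$VTI_DEV" scope link src "$VTI_SRC" || return 1
    done
}

main() {
    # Remove our routes while the device still exists.
    if [ "$PLUTO_VERB" = down-client ]; then
        apply_routes del 2>/dev/null || true
    fi
    # Always hand every verb to the stock script; stop if it fails.
    $STOCK_UPDOWN "$@" || return $?
    if [ "$PLUTO_VERB" = up-client ]; then
        wait_for_dev 5 || { echo "updown: $VTI_DEV not present" >&2; return 1; }
        apply_routes replace
    fi
}

# Run only when invoked by pluto (PLUTO_VERB set), so the file can be sourced.
if [ -n "${PLUTO_VERB:-}" ]; then
    main "$@"
    exit $?
fi
```

Running it with IP=echo and PLUTO_VERB=up-client prints the route commands without touching the routing table.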