[Swan] Need help connecting a TPLink Archer D9 to a Ubuntu libreswan ipsec server
Paul Wouters
paul at nohats.ca
Sun Jun 24 17:12:35 UTC 2018
On Sun, 24 Jun 2018, Lindsay Mathieson wrote:
> Trying to get a subnet<->subnet vpn between work and my home Archer D9 router
So I assume this goes across the internet?
> Work Internet : TPLink ER-5120 ADSL2+
> - Static public ip on mycompany.com.au
> - Internal subnet 192.168.5.0/24
> - DMZ to Ubuntu server on 192.168.5.52
>
> Home Internet:
> - xDSL, Dynamic IP
> Jun 24 17:28:47 vpnserver pluto[12658]: packet from x.x.x.x:500: initial Main
> Mode message received on 192.168.5.52:500 but no connection has been
> authorized with policy PSK+IKEV1_ALLOW
Because you are using your internal IPs for left/right but those are not
the IPs on which you run IKE itself.
> conn lindsay
>     also=common
>     leftsubnet=192.168.1.0/24
>     rightsubnet=192.168.5.0/24
>
> conn common
>     type=tunnel
>     left=192.168.1.1
You want left=%defaultroute to pick up your dynamic IP.
>     leftsourceip=x.x.x.x
>     right=192.168.5.52
You want right=mycompany.com.au (or if it is a static IP put that in).
>     ike=3des-md5;modp1024
>     phase2alg=3des-md5;modp1024
Really should modernize these. Easiest is to just leave out these two lines
and it will pick much better algorithms, like AES_GCM.
> lindsay.secrets
> %any %any : PSK "test"
Don't forget to make it much stronger than that :P Ideally, move to raw
RSA keys instead.
Paul
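
The three points raised in the reply above (private addresses used as IKE endpoints, the 3des/md5/modp1024 proposals, and the short PSK) can be checked mechanically. The following is an added example, not part of the original message or of libreswan; the function names, the sample strings built from the quoted config, and the 20-character PSK threshold are assumptions of this example. A private left/right address is only a prompt to confirm it is the address IKE actually runs on.

```python
import ipaddress
import re

WEAK_ALGS = ("3des", "md5", "modp1024")  # proposals quoted in the thread
# Constructed sample: the "conn common" section and secrets line from the post.
SAMPLE_CONF = """\
conn common
    type=tunnel
    left=192.168.1.1
    right=192.168.5.52
    ike=3des-md5;modp1024
    phase2alg=3des-md5;modp1024
"""
SAMPLE_SECRETS = '%any %any : PSK "test"\n'

def lint_conf(text):
    """Return (conn, key, message) findings for ipsec.conf-style text."""
    findings, conn = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
        if line.startswith("conn ") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ("left", "right"):
            try:  # hostnames, %defaultroute and %any raise ValueError
                if ipaddress.ip_address(value).is_private:
                    findings.append((conn, key, "private address as IKE endpoint"))
            except ValueError:
                pass
        elif key in ("ike", "phase2alg", "esp"):
            weak = [alg for alg in WEAK_ALGS if alg in value.lower()]
            if weak:
                findings.append((conn, key, "weak proposal: " + ",".join(weak)))
    return findings

def lint_secrets(text, min_len=20):
    """Flag PSKs shorter than min_len (threshold is this example's assumption)."""
    return [(m.group(1).strip(), "PSK shorter than %d characters" % min_len)
            for m in re.finditer(r'^(.*?):\s*PSK\s+"([^"]*)"', text, re.M)
            if len(m.group(2)) < min_len]

if __name__ == "__main__":
    for finding in lint_conf(SAMPLE_CONF) + lint_secrets(SAMPLE_SECRETS):
        print(finding)
```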