[Swan] Swan Digest, Vol 73, Issue 3

Antonios Katsouros akatsourossony at gmail.com
Thu Jan 10 09:35:34 UTC 2019 

 Hundreds of thanks for your response to the mailing list.

Please can you help me i am desperate with this problem please

You wrote me to add

leftsourceip=10.50.20.1

but 1) to which configuration, what is the file I have to edit????
2) and where the route will be added??? i need to add the specific route to
be run automatically after VPN is up...  THis route:   route add -net
192.168.11.0/24 gw 10.50.0.2

how I can add this automatically when the vpn goes up again?? (as it is
removed when the devian server loses the vpn)..

please can you help me?

really appreciated ..

many thanks



On Thu, Jan 10, 2019 at 12:27 PM <swan-request at lists.libreswan.org> wrote:

> Send Swan mailing list submissions to
>         swan at lists.libreswan.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.libreswan.org/mailman/listinfo/swan
> or, via email, send a message with subject or body 'help' to
>         swan-request at lists.libreswan.org
>
> You can reach the person managing the list at
>         swan-owner at lists.libreswan.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Swan digest..."
>
>
> Today's Topics:
>
>    1. Re: Dropping AUTH message containing INITIAL_CONTACT on OSX
>       and Win10 (Derek Cameron)
>    2. Help!! (Antonios Katsouros)
>    3. Re: Help!! (Nick Howitt)
>    4. Re: Help!! (Bruno de Paula Larini)
>    5. Re: Dropping AUTH message containing INITIAL_CONTACT on OSX
>       and Win10 (Paul Wouters)
>    6. Re: Help!! (Antonios Katsouros)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 9 Jan 2019 07:47:43 -0800
> From: Derek Cameron <dcamero2016 at gmail.com>
> To: Paul Wouters <paul at nohats.ca>
> Cc: swan at lists.libreswan.org
> Subject: Re: [Swan] Dropping AUTH message containing INITIAL_CONTACT
>         on OSX and Win10
> Message-ID:
>         <CAEW6Rjf5GfK2t=
> YbXuPN0tTatHkuVgzTXn-mchFqZtHffC-T0A at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Thanks for your help. You're welcome to copy and paste anything you
> like from my blog post
>
> https://dc77312.wordpress.com/2019/01/09/libreswan-ipsec-ikev2-vpn-on-rhel-8-beta-server-and-windows-10-client/
>
> On Tue, Jan 8, 2019 at 8:08 AM Paul Wouters <paul at nohats.ca> wrote:
> >
> > Right. that changes the setting from EAP-TLS to Machine Certificate. I
> > will add this to the FAQ section. Thanks!
> >
> > Under properties and TCP I believe there is an option for "send all
> > traffic via VPN"
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 9 Jan 2019 19:56:27 +0300
> From: Antonios Katsouros <akatsourossony at gmail.com>
> To: swan at lists.libreswan.org
> Subject: [Swan] Help!!
> Message-ID:
>         <CAPOZpEowY+8uzxpFL-=bujNqDhnM86E_4FNVX=kN1O0S=
> hLPEA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Dear all!!
>
> newbie in list with a serious problem...
>
> I installed Libreswan through a vpn script ( this one :
> https://github.com/hwdsl2/s... !.. Please I need your help... When the vpn
> is establised, I need to add a route on the server (manually currently) in
> order to access the network inside.
>
> My connection seems not that stable so every time the vpn falls and
> reconnects, the route is lost from the server. So I have to go again to
> server and add the route ( route add -net 192.168.61.0/24 gw 10.50.20.2 ).
> Is there a way I can do this automatically??? So when the VPN is down and
> reconnects, after reconnection, the server runs automatically this route on
> its self ( route add -net 192.168.61.0/24 gw 10.50.20.2 ) .
>
> 10.50.20.1 is the server, 10.50.20.2 is the other side (client) which also
> is on the rest network behind.
>
> Please can somebody help???
>
> Hundreds of thanks in advance
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.libreswan.org/pipermail/swan/attachments/20190109/45d4e009/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Wed, 9 Jan 2019 17:00:34 +0000
> From: Nick Howitt <nick at howitts.co.uk>
> To: swan at lists.libreswan.org
> Subject: Re: [Swan] Help!!
> Message-ID: <491d0268-c544-e101-cd6d-f2793b929f9e at howitts.co.uk>
> Content-Type: text/plain; charset="us-ascii"
>
> An HTML attachment was scrubbed...
> URL: <
> https://lists.libreswan.org/pipermail/swan/attachments/20190109/6e8627bf/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Wed, 9 Jan 2019 15:14:54 -0200
> From: Bruno de Paula Larini <bruno.larini at riosoft.com.br>
> To: swan at lists.libreswan.org
> Subject: Re: [Swan] Help!!
> Message-ID: <48fa261d-deaa-37fe-cac1-7465062bcf3a at riosoft.com.br>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Em 09/01/2019 14:56, Antonios Katsouros escreveu:
> > My connection seems not that stable so every time the vpn falls and
> > reconnects, the route is lost from the server. So I have to go again
> > to server and add the route ( route add -net 192.168.61.0/24
> > <http://192.168.61.0/24> gw 10.50.20.2 ). Is there a way I can do this
> > automatically??? So when the VPN is down and reconnects, after
> > reconnection, the server runs automatically this route on its self (
> > route add -net 192.168.61.0/24 <http://192.168.61.0/24> gw 10.50.20.2 )
> .
> >
> > 10.50.20.1 is the server, 10.50.20.2 is the other side (client) which
> > also is on the rest network behind.
> >
> I had a similar issue some months ago. You can add the "leftsourceip"
> parameter to the config so the server will know the way to the other
> side of the tunnel. Example: leftsourceip=10.50.20.1
> Then you can stop adding the route manually.
>
> -Bruno
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.libreswan.org/pipermail/swan/attachments/20190109/895ee884/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 5
> Date: Wed, 9 Jan 2019 13:07:09 -0500 (EST)
> From: Paul Wouters <paul at nohats.ca>
> To: Derek Cameron <dcamero2016 at gmail.com>
> Cc: swan at lists.libreswan.org
> Subject: Re: [Swan] Dropping AUTH message containing INITIAL_CONTACT
>         on OSX and Win10
> Message-ID: <alpine.LRH.2.21.1901091303160.6009 at bofh.nohats.ca>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
> On Wed, 9 Jan 2019, Derek Cameron wrote:
>
> >
> > Thanks for your help. You're welcome to copy and paste anything you
> > like from my blog post
> >
> https://dc77312.wordpress.com/2019/01/09/libreswan-ipsec-ikev2-vpn-on-rhel-8-beta-server-and-windows-10-client/
>
> Thanks, I'll see about merging it onto the libreswan wiki. Thanks for
> the permission!
>
> Some notes:
>
> - Please use "libreswan" or "Libreswan", not "LibreSwan" :)
> - Does it survive rekeying? You might want/need to add
>    msdh-downgrade=yes to allow rekeying without or with wrong/bad
>    DH group 1024 (perhaps the latest Windows build fixed this?)
> - I think you can fixup the authentication without using powershell,
>    but I would have to reclick through a windows box again to remember
>    how I did that.
>
> Paul
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 10 Jan 2019 12:27:13 +0300
> From: Antonios Katsouros <akatsourossony at gmail.com>
> To: swan at lists.libreswan.org
> Subject: Re: [Swan] Help!!
> Message-ID:
>         <
> CAPOZpEphAsE9kwA7N2McUGoOK77JpMzGsKX9Nuz+DmYLsgQ1Qg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Dear All,
>
> can please somebody help???? Please... your help is higlhy appreciated.
>
> many thanks
>
> On Wed, Jan 9, 2019 at 7:56 PM Antonios Katsouros <
> akatsourossony at gmail.com>
> wrote:
>
> > Dear all!!
> >
> > newbie in list with a serious problem...
> >
> > I installed Libreswan through a vpn script ( this one :
> > https://github.com/hwdsl2/s... !.. Please I need your help... When the
> > vpn is establised, I need to add a route on the server (manually
> currently)
> > in order to access the network inside.
> >
> > My connection seems not that stable so every time the vpn falls and
> > reconnects, the route is lost from the server. So I have to go again to
> > server and add the route ( route add -net 192.168.61.0/24 gw 10.50.20.2
> > ). Is there a way I can do this automatically??? So when the VPN is down
> > and reconnects, after reconnection, the server runs automatically this
> > route on its self ( route add -net 192.168.61.0/24 gw 10.50.20.2 ) .
> >
> > 10.50.20.1 is the server, 10.50.20.2 is the other side (client) which
> also
> > is on the rest network behind.
> >
> > Please can somebody help???
> >
> > Hundreds of thanks in advance
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.libreswan.org/pipermail/swan/attachments/20190110/9c04eb8d/attachment.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
>
> ------------------------------
>
> End of Swan Digest, Vol 73, Issue 3
> ***********************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190110/1fabd50f/attachment.html>

More information about the Swan mailing list