[Swan] subnet-to-subnet config
Alex
mysqlstudent at gmail.com
Fri Feb 8 21:20:08 UTC 2019
Hi, I'm trying to build a subnet-to-subnet VPN with libreswan-3.27 on
Fedora 28 and having some trouble. Should the subnets already exist on
the remote networks, or does libreswan create them? When I use the
config below, the networks disappear from the routing table and the
servers become unreachable.
I've followed the directions on the subnet-to-subnet page:
https://libreswan.org/wiki/Subnet_to_subnet_VPN
conn orion-wyckoff-subnets
    also=orion-wyckoff
    rightsubnet=192.168.11.0/24
    leftsubnet=192.168.1.0/24
    auto=start

conn orion-wyckoff
    ikev2=insist
    authby=rsasig
    auto=start
    # dead peer detection to detect vanishing clients (?)
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear
    rightid=@wyckoff-orion
    right=wyckoff.crabdance.com
    # rsakey AwEAAd4Ee
    rightrsasigkey=0sAwEAAd4EeKjbFI7m...
    leftid=@orion-wyckoff
    left=orion.example.com
    # rsakey AwEAAeSMF
    leftrsasigkey=0sAwEAAeSMFxvoJaP...
The rightsubnet (192.168.11.0/24) exists on the right network
(wyckoff.crabdance.com). The leftsubnet (192.168.1.0/24) already
exists on the left network (orion.example.com).
wyckoff.crabdance.com:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ool-44c0f801.dy 0.0.0.0         UG    100    0        0 enp4s0
68.192.248.0    0.0.0.0         255.255.252.0   U     100    0        0 enp4s0
192.168.10.0    0.0.0.0         255.255.255.0   U     101    0        0 enp2s0
192.168.11.0    0.0.0.0         255.255.255.0   U     101    0        0 enp2s0
orion.example.com:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ool-44c3c129.st 0.0.0.0         UG    0      0        0 br0
68.195.193.40   0.0.0.0         255.255.255.248 U     0      0        0 br0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.6.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
Will this config also make the endpoints accessible to each other?
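As an added example (not from the post and not libreswan's own code), a small Python checker that resolves the also= inclusion between the two conn sections above into one effective conn and validates leftsubnet/rightsubnet (present, well-formed CIDR, non-overlapping); the embedded sample is a constructed, trimmed copy of the posted config with the key and DPD lines left out.

```python
import ipaddress

# Constructed sample modelled on the config in the post (keys trimmed).
SAMPLE_CONF = """
conn orion-wyckoff-subnets
    also=orion-wyckoff
    rightsubnet=192.168.11.0/24
    leftsubnet=192.168.1.0/24

conn orion-wyckoff
    ikev2=insist
    right=wyckoff.crabdance.com  # dpd/rsasigkey lines omitted
    left=orion.example.com
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            conns[current][key] = value
    return conns

def resolve(conns, name, seen=()):
    """Merge also= sections; keys set in the including conn win."""
    if name in seen:
        raise ValueError(f"also= loop at {name}")
    section = dict(conns[name])
    base = section.pop("also", None)
    merged = resolve(conns, base, seen + (name,)) if base else {}
    merged.update(section)
    return merged

def check_subnets(conn):
    """List problems with leftsubnet/rightsubnet: missing, malformed, overlapping."""
    problems, nets = [], {}
    for side in ("leftsubnet", "rightsubnet"):
        try:
            nets[side] = ipaddress.ip_network(conn[side], strict=True)
        except (KeyError, ValueError) as e:
            problems.append(f"{side}: {e!r}")
    if len(nets) == 2 and nets["leftsubnet"].overlaps(nets["rightsubnet"]):
        problems.append("leftsubnet and rightsubnet overlap")
    return problems
```

Running check_subnets(resolve(parse_conns(SAMPLE_CONF), "orion-wyckoff-subnets")) on the posted subnets reports no problems, so the disappearing routes are not explained by the subnet parameters themselves.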