[Swan] Accessing Subnet on Host's Virtual Interface?

Brian Reading brian.reading at wmerp.com
Mon Apr 27 04:36:18 UTC 2020


My VPN server running CentOS 8 doubles as a KVM hypervisor. I've also
configured a virtual network (using the libvirt "virbr0" virtual bridge
interface) to be used for guest to host communication between the
server and the VMs. If you're not familiar with this specific
configuration of libvirt networking, see here: 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_host_configuration_and_guest_installation_guide/app_macvtap

In terms of the libreswan configuration, here is what I'm currently
using (XAUTH/IKEv1 w/PSK):

conn xauth-psk
    authby=secret
    pfs=no
    auto=add
    rekey=no
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    rightaddresspool=192.168.1.30-192.168.1.50
    right=%any
    cisco-unity=yes
    modecfgdns=192.168.1.1
    modecfgdomains="foo.bar.local, bar.local"
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=pam
    ike-frag=yes
    ikev2=never

Everything works great. I can successfully hit all endpoints utilizing
the 192.168.1.0/24 subnet, but not anything on the 192.168.122.0/24
subnet that is used by the virtual network. How would I go about
setting this up?
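Added illustration, not part of the post or of libreswan/libvirt: since leftsubnet=0.0.0.0/0 already sends the address pool's traffic through the host, one thing a responder would check is whether the hypervisor's FORWARD chain lets a new flow from the pool into virbr0. The script below evaluates a constructed `iptables -S FORWARD` listing modelled on libvirt's default NAT-network rules (not captured from the poster's host) and assumes decrypted IPsec traffic enters via a physical interface named eth0.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S FORWARD` form, modelled on the rules libvirt
# installs for a NAT network on virbr0. Replace with the real output from the host.
SAMPLE_FORWARD = """\
-P FORWARD ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
"""

def parse_rule(line):
    """Extract the matchers this evaluator understands from one `-A FORWARD ...` line."""
    toks = shlex.split(line)
    rule = {"src": None, "dst": None, "in": None, "out": None, "states": None, "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-s": rule["src"] = ipaddress.ip_network(toks[i + 1]); i += 2
        elif t == "-d": rule["dst"] = ipaddress.ip_network(toks[i + 1]); i += 2
        elif t == "-i": rule["in"] = toks[i + 1]; i += 2
        elif t == "-o": rule["out"] = toks[i + 1]; i += 2
        elif t == "--ctstate": rule["states"] = set(toks[i + 1].split(",")); i += 2
        elif t == "-j": rule["target"] = toks[i + 1]; i += 2
        else: i += 1  # -A FORWARD, -m conntrack, --reject-with ... are ignored
    return rule

def first_match(listing, src_ip, dst_ip, in_if, out_if, state="NEW"):
    """Walk the chain in order; return (target, rule) of the first match, else the policy."""
    policy = "ACCEPT"
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in listing.splitlines():
        if line.startswith("-P "): policy = line.split()[2]; continue
        if not line.startswith("-A "): continue
        r = parse_rule(line)
        if r["src"] and src not in r["src"]: continue
        if r["dst"] and dst not in r["dst"]: continue
        if r["in"] and r["in"] != in_if: continue
        if r["out"] and r["out"] != out_if: continue
        if r["states"] and state not in r["states"]: continue  # conntrack-state rules
        return r["target"], line
    return policy, "(chain policy)"

if __name__ == "__main__":
    # A new flow from a pool address (192.168.1.30-50) to a guest on the virbr0 network.
    print(first_match(SAMPLE_FORWARD, "192.168.1.35", "192.168.122.10", "eth0", "virbr0"))
```

With these sample rules the pool-to-guest flow lands on the `-o virbr0 ... REJECT` line, which is the kind of result that would point a responder at the host's forwarding rules rather than at the conn definition.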

