[Swan] Accessing Subnet on Host's Virtual Interface?
Brian Reading
brian.reading at wmerp.com
Mon Apr 27 04:36:18 UTC 2020
My VPN server running CentOS 8 doubles as a KVM hypervisor. I've also
configured a virtual network (using the libvirt "virbr0" virtual bridge
interface) to be used for guest to host communication between the
server and the VMs. If you're not familiar with this specific
configuration of libvirt networking, see here:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_host_configuration_and_guest_installation_guide/app_macvtap
In terms of the libreswan configuration, here is what I'm currently
using (XAUTH/IKEv1 w/PSK):
conn xauth-psk
    authby=secret
    pfs=no
    auto=add
    rekey=no
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    rightaddresspool=192.168.1.30-192.168.1.50
    right=%any
    cisco-unity=yes
    modecfgdns=192.168.1.1
    modecfgdomains="foo.bar.local, bar.local"
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=pam
    ike-frag=yes
    ikev2=never
Everything works great. I can successfully hit all endpoints utilizing
the 192.168.1.0/24 subnet, but not anything on the 192.168.122.0/24
subnet that is used by the virtual network. How would I go about
setting this up?
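The following is an added example, not part of the original post or of libreswan itself. It parses the conn block quoted above and answers the two selector questions a reader would settle first: whether leftsubnet (the server-side traffic selector) already covers the libvirt 192.168.122.0/24 network, and whether the rightaddresspool hands out addresses inside the 192.168.1.0/24 LAN that the clients can reach. The conn text is copied from the post; the 192.168.122.0/24 and 192.168.1.0/24 networks are taken from the post's own description. The checker speaks only to the IPsec selectors; it does not inspect the host's forwarding or firewall rules, which is where the investigation would continue if the selectors turn out to permit the traffic.

```python
# Added example (not from the original post): a small checker for one
# libreswan ipsec.conf "conn" block. It parses the key=value lines and
# then tests the traffic selectors against the two networks the post
# describes. Python 3.7+ (ipaddress.subnet_of).
import ipaddress
import re

# The conn block quoted in the post (copied verbatim).
CONN_TEXT = """\
conn xauth-psk
    authby=secret
    pfs=no
    auto=add
    rekey=no
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    rightaddresspool=192.168.1.30-192.168.1.50
    right=%any
    cisco-unity=yes
    modecfgdns=192.168.1.1
    modecfgdomains="foo.bar.local, bar.local"
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=pam
    ike-frag=yes
    ikev2=never
"""


def parse_conn(text):
    """Return (conn_name, {key: value}) for a single conn block.

    Surrounding double quotes are stripped from values; '#' comments and
    blank lines are skipped. Only one conn per text is supported (an
    assumption of this example, enough for the post's snippet)."""
    name = None
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            name = m.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"unparseable line: {raw!r}")
        params[key.strip()] = value.strip().strip('"')
    if name is None:
        raise ValueError("no 'conn' header found")
    return name, params


def pool_range(params):
    """rightaddresspool=first-last -> (first, last) as IPv4Address objects."""
    first, _, last = params["rightaddresspool"].partition("-")
    return ipaddress.ip_address(first), ipaddress.ip_address(last)


def selector_covers(params, network):
    """True if the server's leftsubnet selector includes `network`.

    leftsubnet may be a comma-separated list of CIDRs; 0.0.0.0/0 covers
    everything, which is the case in the post's conn."""
    target = ipaddress.ip_network(network)
    for item in params.get("leftsubnet", "").split(","):
        item = item.strip()
        if item and target.subnet_of(ipaddress.ip_network(item)):
            return True
    return False


def pool_inside(params, lan):
    """True if both ends of the address pool lie inside `lan`."""
    net = ipaddress.ip_network(lan)
    first, last = pool_range(params)
    return first in net and last in net


def report(text, unreachable="192.168.122.0/24", lan="192.168.1.0/24"):
    """Summarise what the conn's selectors say about the two networks."""
    name, params = parse_conn(text)
    return {
        "conn": name,
        "selector_covers_unreachable": selector_covers(params, unreachable),
        "pool_inside_lan": pool_inside(params, lan),
        "pool": tuple(str(a) for a in pool_range(params)),
    }


if __name__ == "__main__":
    for key, value in report(CONN_TEXT).items():
        print(f"{key}: {value}")
```

For the post's conn the checker reports that leftsubnet=0.0.0.0/0 does cover 192.168.122.0/24 and that the pool sits inside 192.168.1.0/24, so the IPsec policy is not what excludes the virtual network; a narrower leftsubnet such as 192.168.1.0/24 would be reported as not covering it.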