[Swan] Help with IKEv1 roadwarrior to subnet?

Manfred mx2927 at gmail.com
Sat Nov 14 18:14:58 UTC 2020


I should probably add the virtual-private too:
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!192.168.0.0/24

On 11/14/2020 7:07 PM, Manfred wrote:
> I'm trying to set up a remote VPN access, and for simplicity I am 
> starting with IKEv1 & PSK (the final setup will be IKEv2 & certs, but 
> I'd rather figure this out first).
> 
> I am able to establish a connection from client to server, and access 
> all services on the server itself (http, ssh, ...) but I'm stuck at the 
> point that I can't access any other host at the server site (e.g. 
> 192.168.0.35)
> 
> Thanks in advance for any help!
> 
> On the server site:
> UDP ports 500, 4500, and 50 are being NAT forwarded from the public 
> gateway to the ipsec server at 192.168.0.27, subnet is 192.168.0.0/24
> 
> server config is:
> conn server-vpn
>      ikev2=no
>      ike=aes256-sha1;dh14
>      esp=aes256-sha1
> 
>      authby=secret
>      # left=XXX.XXX.XXX.XXX # public IP of the gateway
>      # leftnexthop=%defaultroute
>      left=%defaultroute
>      leftid=XXX.XXX.XXX.XXX # public IP of the gateway
>      # leftsourceip=192.168.0.27
>      leftsubnet=192.168.0.0/24
> 
>      right=%any
>      rightsubnet=vhost:%no,%priv
> 
>      auto=add
> 
> client site is supposed to be dynamic IP, behind a gateway at 
> 192.168.1.25, subnet is 192.168.1.0/24
> client config:
> conn client-vpn
>      ikev2=no
>      ike=aes256-sha1;dh14
>      esp=aes256-sha1
> 
>      authby=secret
>      left=%defaultroute
>      # leftid=XXX.XXX.XXX.XXX
>      # leftsubnet=vhost:%no,%priv
>      # leftsubnet=192.168.1.0/24
> 
>      right=XXX.XXX.XXX.XXX # public IP of the gateway at server site
>      rightsubnet=192.168.0.0/24
> 
>      auto=add
> 
> (Maybe it's worth mentioning that the server is running libreswan 4.1 on 
> Fedora 32, the client is with 3.30 on Fedora 30)
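
Added example (not part of the original post, and not libreswan code): a Python check of which client-side networks the virtual-private value above would admit for rightsubnet=vhost:%no,%priv. The matching rule is an assumed, simplified model (inside a listed range, overlapping no `!` range), and the function names are hypothetical.

```python
import ipaddress

# virtual-private= value copied from the post above.
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,"
                   "%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!192.168.0.0/24")


def parse_virtual_private(value):
    """Split a virtual-private= value into (included, excluded) networks."""
    included, excluded = [], []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        family, sep, net = entry.partition(":")
        if not sep or family not in ("%v4", "%v6"):
            raise ValueError(f"expected %v4:/%v6: prefix in {entry!r}")
        negated = net.startswith("!")
        network = ipaddress.ip_network(net[1:] if negated else net)
        if network.version != int(family[2]):
            raise ValueError(f"address family mismatch in {entry!r}")
        (excluded if negated else included).append(network)
    return included, excluded


def vhost_allowed(client_net, included, excluded):
    """Assumed model, not libreswan's code: accept a client network only if
    it lies inside an included range and overlaps no '!' excluded range."""
    net = ipaddress.ip_network(client_net, strict=False)
    if any(x.version == net.version and net.overlaps(x) for x in excluded):
        return False
    return any(i.version == net.version and net.subnet_of(i) for i in included)


if __name__ == "__main__":
    inc, exc = parse_virtual_private(VIRTUAL_PRIVATE)
    samples = [
        "192.168.1.0/24",   # client-site subnet from the post
        "192.168.0.35/32",  # server-site host from the post (excluded range)
        "203.0.113.7/32",   # constructed: public address, in no listed range
    ]
    for s in samples:
        print(f"{s:18} -> {'allowed' if vhost_allowed(s, inc, exc) else 'rejected'}")
```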

