[Swan] Road warriors and dhcp

Paul Wouters paul at nohats.ca
Sun Jan 3 17:04:02 UTC 2021


On Sat, 2 Jan 2021, Alex wrote:

> The windows client obtains an IP on the 192.168.6.0/24 network, but
> apparently only because of the rightaddresspool= statement - it
> doesn't appear the dhcp server is being consulted at all.

Correct. libreswan does not consult a DHCP server. It assumes it has
full authority to assign anything from its given addresspool.

> I also can't ping the router on 192.168.6.1, so while the VPN is
> connected, there's really no connectivity to the 192.168.6.0 network
> or the 192.168.1.0 corporate LAN network.

That seems more likely to be a generic routing/firewall issue than a
VPN issue. Make sure the VPN server has an IP in the addresspool range
(could be an additional IP on the physical network card). Then try
and ping from your regular network to the IP on your VPN server.

Also ensure you are not accidentally NATing the new 192.168.6.0/24
range elsewhere in your network.

Paul


More information about the Swan mailing list