[Swan] Road warriors and dhcp
mysqlstudent at gmail.com
Sun Jan 3 20:52:22 UTC 2021
>> The windows client obtains an IP on the 192.168.6.0/24 network, but
>> apparently only because of the rightaddresspool= statement - it
>> doesn't appear the dhcp server is being consulted at all.
> Correct. libreswan does not consult a DHCP server. It assumes it has
> full authority to assign anything from its given addresspool.
How does it then determine the default gateway and other stuff that
would normally be obtained by DHCP, such as an NTP server?
I'm also using shorewall on this network, but it operates based on
"ipsec", not a specific network.
Listening on 192.168.6.0/24 on the VPN server shows no traffic, even
when trying to ping the gateway.
Here is the routing table from the Windows PC after the VPN is
connected, using a tether connection on my cell. I've stripped off the
Metric field to make it more legible.
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.203
126.96.36.199 255.255.255.255 192.168.43.1 192.168.43.203
127.0.0.0 255.0.0.0 On-link 127.0.0.1
127.0.0.1 255.255.255.255 On-link 127.0.0.1
127.255.255.255 255.255.255.255 On-link 127.0.0.1
192.168.6.0 255.255.255.0 On-link 192.168.6.2
192.168.6.2 255.255.255.255 On-link 192.168.6.2
192.168.6.255 255.255.255.255 On-link 192.168.6.2
192.168.43.0 255.255.255.0 On-link 192.168.43.203
192.168.43.203 255.255.255.255 On-link 192.168.43.203
192.168.43.255 255.255.255.255 On-link 192.168.43.203
188.8.131.52 240.0.0.0 On-link 127.0.0.1
184.108.40.206 240.0.0.0 On-link 192.168.43.203
220.127.116.11 240.0.0.0 On-link 192.168.6.2
255.255.255.255 255.255.255.255 On-link 127.0.0.1
255.255.255.255 255.255.255.255 On-link 192.168.43.203
255.255.255.255 255.255.255.255 On-link 192.168.6.2
Here is the VPN adapter on the Windows PC:
PPP adapter ikev2-cp:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.6.2
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Here is the interface on the VPN server for this network:
eth1:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.6.1 netmask 255.255.255.0 broadcast 192.168.6.255
ether 0c:c4:7a:a9:18:df txqueuelen 1000 (Ethernet)
device memory 0xfb100000-fb11ffff
When I built a subnet-to-subnet VPN some time ago, it was necessary to
create another connection to allow remote hosts to access individual
hosts on the local network. Is that not necessary here?
My eventual goal is to allow it to reach the 192.168.1.0/24 corporate
LAN from the 192.168.6.0/24 IP it's assigned so it can communicate with
our Asterisk server.
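To see why the corporate LAN is not reachable from the routing table shown above, the following added example (not from the original post or from libreswan) does a longest-prefix lookup over a constructed copy of the relevant rows of that Windows table; only the unambiguous rows are included, and the Metric column is missing just as in the post, so metric tie-breaking is not modelled.

```python
import ipaddress

# Constructed sample: the relevant rows of the poster's "route print" output
# (Metric column already stripped); remaining rows omitted for brevity.
ROUTE_PRINT = """\
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.203
127.0.0.0 255.0.0.0 On-link 127.0.0.1
192.168.6.0 255.255.255.0 On-link 192.168.6.2
192.168.6.2 255.255.255.255 On-link 192.168.6.2
192.168.43.0 255.255.255.0 On-link 192.168.43.203
"""


def parse_routes(text):
    """Turn 'destination netmask gateway interface' rows into
    (network, gateway, interface) tuples; the header row is skipped."""
    routes = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) != 4:
            continue
        dest, mask, gateway, iface = parts
        # ip_network accepts dotted netmasks, e.g. "0.0.0.0/0.0.0.0" -> 0.0.0.0/0
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins,
    which is how the Windows stack selects a route (metric aside)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return best


def egress_interface(routes, dst):
    """Interface address that traffic to dst would leave from, or None."""
    match = lookup(routes, dst)
    return match[2] if match else None


if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    for target in ("192.168.6.1", "192.168.1.10"):
        print(target, "->", lookup(routes, target))
```

With only the on-link /24 for the pool and no route for 192.168.1.0/24 via the PPP adapter, a packet for a corporate-LAN host such as a hypothetical 192.168.1.10 matches nothing more specific than the default route and leaves via the tether interface, never entering the tunnel.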