[Swan] Road warriors and dhcp
Paul Wouters
paul at nohats.ca
Mon Jan 4 19:18:35 UTC 2021
On Mon, 4 Jan 2021, Alex wrote:
>> Client and server agree on the src/dst parameters. eg the leftsubnet and
>> rightsubnet options. If the vpn client receives a remote subnet of
>> 0.0.0.0/0 it sends all traffic over the tunnel. If it receives a smaller
>> subnet, only traffic with that destination will go over the tunnel. For
>> all traffic over the tunnel, the IP the libreswan server assigned to it
>> is used (eg it appears to the client as leftsubnet=192.168.6.x/32)
>
> Okay, adding leftsubnet=0.0.0.0/0 does enable me to ping the
> 192.168.6.1 gateway, but I can't reach the 192.168.1.0/24 internal
> network.
Then that is really an issue of routing/nat/firewall on the VPN server.
Check that the vpn server works properly: does ping -I 192.168.6.1 192.168.1.x work?
>> Do you have the VPN server handing out a leftsubnet=192.168.1.0/24 or
>> leftsubnet=0.0.0.0/0 (with rightaddresspool=192.168.6.XXXXXXX)
>
> It doesn't work when trying leftsubnet=192.168.1.0/24 or
> leftsubnet=0.0.0.0/0. It just returns "request timed out." So when I
> set leftsubnet=192.168.6.0/24 I can ping the gateway, but when I set
> leftsubnet=192.168.1.0/24 or leftsubnet=0.0.0.0/0 I can't reach the
> gateway or the 192.168.1.0/24 network.
If you set leftsubnet=192.168.1.0/24 then it covers only that destination
and not 192.168.6.0/24, so it makes sense you cannot ping the gateway
then.
Paul
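
Added example, not part of the original message or of libreswan: a small Python model of the selector reasoning in this thread, showing which destinations each leftsubnet value sends over the tunnel and what to check next. The host addresses 192.168.1.50 and 203.0.113.10 and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addresses. The gateway is the one named in the thread;
# the LAN host and the Internet host are made up for this example.
VPN_GATEWAY = "192.168.6.1"
LAN_HOST = "192.168.1.50"
INTERNET_HOST = "203.0.113.10"  # documentation range

# The three leftsubnet values tried in the thread.
CANDIDATES = ["192.168.6.0/24", "192.168.1.0/24", "0.0.0.0/0"]


def covered(leftsubnet: str, destination: str) -> bool:
    """True if the destination falls inside the agreed remote subnet,
    i.e. the client sends this traffic over the tunnel."""
    return ipaddress.ip_address(destination) in ipaddress.ip_network(leftsubnet)


def coverage_table(leftsubnets, destinations):
    """Map each leftsubnet to {destination: goes_over_tunnel}."""
    return {sn: {d: covered(sn, d) for d in destinations} for sn in leftsubnets}


def next_check(leftsubnet: str, destination: str) -> str:
    """Separate a selector problem from a server-side problem."""
    if not covered(leftsubnet, destination):
        return "outside selector: not sent over the tunnel, fix leftsubnet"
    return "inside selector: on failure, check routing/NAT/firewall on the VPN server"


if __name__ == "__main__":
    dests = [VPN_GATEWAY, LAN_HOST, INTERNET_HOST]
    for subnet, row in coverage_table(CANDIDATES, dests).items():
        print(f"leftsubnet={subnet}")
        for dest, in_tunnel in row.items():
            where = "tunnel" if in_tunnel else "not tunnelled"
            print(f"  {dest:<15} {where:<14} {next_check(subnet, dest)}")
```
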