[Swan] Road warriors and dhcp

Paul Wouters paul at nohats.ca
Mon Jan 4 19:18:35 UTC 2021

On Mon, 4 Jan 2021, Alex wrote:

>> Client and server agree on the src/dst parameters. eg the leftsubnet and
>> rightsubnet options. If the vpn client receives a remote subnet of
>> it sends all traffic over the tunnel. If it receives a smaller
>> subnet, only traffic with that destination will go over the tunnel. For
>> all traffic over the tunnel, the IP the libreswan server assigned to it
>> is used (eg it appears to the client as leftsubnet=192.168.6.x/32)
> Okay, adding leftsubnet= does enable me to ping the
> gateway, but I can't reach the internal
> network.

Then that is really an issue of routing/nat/firewall on the VPN server.
Check the vpn server works properly with: ping -I 192.168.1.x work ?

>> Do you have the VPN server handing out a leftsubnet= or
>> leftsubnet= (with rightaddresspool=192.168.6.XXXXXXX)
> It doesn't work when trying leftsubnet= or
> leftsubnet= It just returns "request timed out." So when I
> set leftsubnet= I can ping the gateway, but when I set
> leftsubnet= or leftsubnet= I can't reach the
> gateway or the network.

If you set leftsubnet= then it covers only that destination
and not, so it makes sense you cannot ping the gateway.
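
The selector behaviour discussed in this thread, modelled as an added example (not part of the original messages and not libreswan code). All addresses are constructed, and `tunnel_decision` and `evaluate` are hypothetical names; the model assumes the client tunnels exactly the destinations inside the remote subnet it received and sources them from its assigned address.

```python
import ipaddress

# Constructed sample values (not taken from the thread).
ASSIGNED = "192.168.6.10"   # address handed out from the server's pool
GATEWAY = "192.168.1.1"     # VPN gateway's internal address
HOST = "192.168.1.50"       # a host on the internal network
INTERNET = "203.0.113.7"    # unrelated destination

# Remote subnets a client might receive from the server.
SCENARIOS = {
    "full tunnel": ["0.0.0.0/0"],
    "split tunnel": ["192.168.1.0/24"],
    "single host": ["192.168.1.50/32"],
}


def tunnel_decision(dst, assigned_ip, remote_subnets):
    """Return (path, source_ip) for a packet sent to dst.

    A destination inside one of the negotiated remote subnets goes over
    the tunnel and is sourced from the assigned address; anything else
    is not covered by the tunnel policy at all.
    """
    dst_ip = ipaddress.ip_address(dst)
    for net in remote_subnets:
        if dst_ip in ipaddress.ip_network(net):
            return ("tunnel", assigned_ip)
    return ("outside-tunnel", None)


def evaluate():
    """Map each scenario to the path taken by each sample destination."""
    dests = (GATEWAY, HOST, INTERNET)
    return {
        name: {d: tunnel_decision(d, ASSIGNED, nets)[0] for d in dests}
        for name, nets in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, paths in evaluate().items():
        print(name)
        for dst, path in paths.items():
            print(f"  {dst:<14} -> {path}")
```

In the "single host" scenario the gateway's own address falls outside the selector, so pings to it never enter the tunnel even though the tunnel itself is up.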

