[Swan] Road Warrior config

brendan kearney bpk678 at gmail.com
Mon Aug 30 16:42:38 UTC 2021 

I'm still not able to make things work, and don't know what I might be
doing wrong. Any pointers would be appreciated.

Thanks,
Brendan

On Mon, Aug 16, 2021, 2:05 PM brendan kearney <bpk678 at gmail.com> wrote:

> I have a road warrior config setup, and the tunnel establishes without
> issue.  the problem i cannot track down is why the client never
> receives a reply (properly?).  if i ping anything, or send any other
> traffic down the tunnel, i can see it on the "server" side.  in the
> case of pings, i can see the response, but the client does not
> register the reply.  there are no firewalls in the path or running
> locally on either the client or the server.  where can i look for why
> traffic is not registering with the client (i believe its actually
> getting to the client)?
>
> client config:
> # Remote Access Connection
> conn rac
>     # Connection Parameters
>     auto=add
>     authby=secret
>     #type=transport
>     ikev2=insist
>     ikelifetime=24h
>     salifetime=1h
>     rekey=yes
>     fragmentation=yes
>     compress=yes
>     # Dead Peer Detection
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=clear
>     # Local Definitions
>     left=%defaultroute
>     #leftsubnet=0.0.0.0/0
>     leftid=munin.bpk2.com
>     leftmodecfgclient=yes
>     # Remote Definitions
>     right=router-ext.bpk2.com
>     rightsubnet=0.0.0.0/0
>     # Pull Configs from Remote
>     modecfgpull=yes
>
> server config:
> # Remote Access Connection
> conn rac
>     # Configuration Parameters
>     auto=add
>     authby=secret
>     #type=transport
>     ikelifetime=24h
>     salifetime=1h
>     ikev2=insist
>     rekey=yes
>     fragmentation=yes
>     compress=yes
>     # Dead Peer Detection
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=clear
>     # Local Definitions
>     left=192.168.152.254
>     leftsubnet=0.0.0.0/0
>     #leftid=ipsec.bpk2.com
>     leftid=router-ext.bpk2.com
>     # Remote Definitions
>     right=%any
>     rightid=%any
>     #rightsubnet=vhost:%priv,%no
>     #rightsubnet=0.0.0.0/0
>     rightaddresspool=192.168.152.50-192.168.152.99
>     # Push Configs to Remote
>     modecfgdns=192.168.120.254
>     modecfgdomains=bpk2.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20210830/2911f6dd/attachment-0001.html>

More information about the Swan mailing list