[Swan] route based vpn with libreswan
owen s
owen94012 at gmail.com
Wed Nov 3 14:16:56 EET 2021
I created an ipsec tunnel that's working but I am unable to route traffic
through the tunnel. After reading I think the solution is to create a new
vti interface via: https://libreswan.org/wiki/Route-based_VPN_using_VTI
Below is an example of my configuration:

conn testconn
    auto=start
    authby=secret
    ike=aes256-sha256;dh14
    esp=aes256-sha256
    ikelifetime=86400s
    salifetime=3600s
    pfs=no
    compress=no
    ikev2=no
    aggressive=no
    left=10.10.2.69
    leftid=[router public address]
    leftsubnet=[10.10.2.0/24]
    right=[remote server router public ip]
    rightsubnet=[10.100.10.128/25]
    # ipsec-interface=9 //no longer required

Should I change the left and right subnet to 0.0.0.0/0, or can I keep the
subnet defined as is?
Or should I just replace the left and right subnets with 0.0.0.0/0 and then
use the left and right vti to describe the subnets?
What's the difference between the left and right vti and the ip route add
command? Why is the leftvti 10.0.1.1/24 but the ip route add 10.0.0.0/8?