[Swan] VPN server for multiple clients with fixed IPs
Paul Wouters
paul at nohats.ca
Sat Apr 9 04:20:16 EEST 2022
On Thu, 31 Mar 2022, Brady Johnson wrote:
> I would like to do "VPN server for remote clients using IKEv2" [0] for multiple clients, but with fixed client IPs. Currently I set the
> "rightsubnet=0.0.0.0/0", but I would prefer to be able to specify a different rightsubnet for each client, is this possible?
>
> I tried with the configurations below, and get this error in the pluto.log:
>
> Mar 31 03:52:48.471606: "vpn_server_tunnel"[2] 10.10.16.6 #6: cannot route -- route already in use for "vpn_server_tunnel"[1] 10.10.15.5
I'm a little confused because there is a left/right on both server
config and client config.
If you want the server to give out different subnets to different
clients, specify these with rightid= and rightsubnet= on the server
in seperate conns, and match them on the client.
> VPN server config:
>
> conn vpn_server_tunnel
> left=10.10.8.8
> leftid=@vpnserver08.lab.com
> leftsubnet=10.10.10.0/24
> leftrsasigkey=%cert
> leftcert=vpnserver08.lab.com
> leftsendcert=always
>
> right=%any
> rightrsasigkey=%cert
> rightid=%fromcert
> rightca=%same
> rightsubnet=0.0.0.0/0
So here you would want to use e.g. rightid=@client1 and rightsubnet=X.0.0.0/24
Then in vpn_server_tunnel_client2, you can use: rightid=@client2 and rightsubnet=Y.0.0.0/24
Paul
More information about the Swan
mailing list