[Swan] libreswan inside local network with NAT (left) - MacOS roadwarrior (right)
Rodrigo Gruppelli
grupis at gmail.com
Thu Nov 3 21:19:23 EET 2022
Hey Paul, thanks for your answer...
On Sun, Oct 30, 2022 at 19:42, Paul Wouters <paul at nohats.ca> wrote:
> Yes, use the IKEv2 road warrior setup examples and forward port 500,4500
> UDP.
>
You're talking about this example?
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
Below is the configuration I wrote... based on my scenario described in the
first email, is it correct?
When I create the VPN connection inside the MacOS Network Preferences,
inside authentication settings, I have the following options, but I can
make no sense of any:
- user authentication: then it asks the username and password. What
user/pass?
- certificate authentication: then it shows 2 certificates to choose:
com.apple.systemdefault and com.apple.kerberos.kdc ....
- none: then it shows a field for a pre-shared key... (what pre-shared
key?) or to choose one of the certificates above.
Am I missing some information? I'm kind of lost here...
Could you explain the steps with more details?
Cheers,
Rodrigo
conn ikev2-cp
    # Must be the libreswan server's own LAN address (the first mail gives it as 192.168.0.120).
    left=192.168.0.101
    leftcert=gruppelli
    # Must match a subjectAltName in the server certificate; the macOS client's
    # "Remote ID" has to be set to this same value.
    leftid=@gruppelli
    leftsendcert=always
    leftsubnet=192.168.0.0/24
    leftrsasigkey=%cert
    right=%any
    # Client addresses must not overlap the LAN in leftsubnet: the originally posted
    # pool 192.168.0.1-192.168.0.254 collides with the router at .1 and with the
    # server itself. A range outside the LAN (RFC 6598 shared space) is used instead.
    rightaddresspool=100.64.13.2-100.64.13.254
    # Certificate authentication: each client presents a certificate issued by the
    # same CA as the server certificate; no pre-shared key is involved.
    rightca=%same
    rightrsasigkey=%cert
    narrowing=yes
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    auto=add
    ikev2=insist
    rekey=no
    fragmentation=yes
> Sent using a virtual keyboard on a phone
>
> > On Oct 29, 2022, at 08:43, Rodrigo Gruppelli <grupis at gmail.com> wrote:
> >
> > Greetings!
> >
> > I would like to know if it’s possible to achieve this kind of setup:
> >
> > On the left side, there is my local network (192.168.0.0/24)
> >
> > - The libreswan server is inside this network (IP 192.168.0.120)
> > - The provider's router local IP is 192.168.0.1 and its external IP is
> valid but dynamic
> > - I use No-IP.org for dynamic DNS bindings
> > - I can tweak configuration inside provider’s router, to redirect
> external TCP/UDP ports to machines inside
> >
> > On the right side, I’d like to be able to establish a tunnel with my
> local network, wherever I am in the world, using a macbook, accessing
> whatever machine inside my local network.
> >
> > Is it possible to build a setup like this? What do I need to configure
> in ipsec.conf ?
> >
> > Cheers
> > Rodrigo
> >
> > _______________________________________________
> > Swan mailing list
> > Swan at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan
>
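A small configuration sanity check for the kind of conn block posted above. This is an added example, not code from the thread or from libreswan: the functions parse_conf, pool_bounds, check_roadwarrior and render_conn are hypothetical names, the embedded config text is the block from the mail reproduced as constructed sample input, and the replacement pool 100.64.13.2-100.64.13.254 (from the RFC 6598 shared address range) is an assumed value. It flags the two things in that block that would bite before any macOS client gets as far as authentication: an address pool carved out of the same LAN the clients are meant to reach, and the server's own address sitting inside that pool. It also flags pre-shared-key authentication with right=%any, which would mean one group secret for every client.

```python
"""Sanity-check a libreswan IKEv2 road-warrior 'conn' section before loading it."""
import ipaddress
import re

# Constructed sample input: the conn section posted in this thread, verbatim.
POSTED_CONF = """\
conn ikev2-cp
    left=192.168.0.101
    leftcert=gruppelli
    leftid=@gruppelli
    leftsendcert=always
    leftsubnet=192.168.0.0/24
    leftrsasigkey=%cert
    right=%any
    rightaddresspool=192.168.0.1-192.168.0.254
    rightca=%same
    rightrsasigkey=%cert
    narrowing=yes
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    auto=add
    ikev2=insist
    rekey=no
    fragmentation=yes
"""


def parse_conf(text):
    """Return {conn_name: {key: value}} for every 'conn' section; '#' starts a comment."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.match(r"^conn\s+(\S+)$", line)
        if match:
            current = conns.setdefault(match.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return conns


def pool_bounds(spec):
    """Turn 'a.b.c.d-w.x.y.z' (or a single address) into (first, last) IPv4Address objects."""
    first, _, last = spec.partition("-")
    low = ipaddress.ip_address(first.strip())
    high = ipaddress.ip_address(last.strip() or first.strip())
    if high < low:
        raise ValueError(f"address pool ends before it starts: {spec}")
    return low, high


def check_roadwarrior(conn):
    """Return a list of problems a road-warrior conn would have in the scenario above."""
    problems = []
    if "rightaddresspool" not in conn:
        return ["rightaddresspool is missing: road-warrior clients get no inner address"]
    low, high = pool_bounds(conn["rightaddresspool"])
    pool_nets = list(ipaddress.summarize_address_range(low, high))
    lan = ipaddress.ip_network(conn.get("leftsubnet", "0.0.0.0/0"), strict=False)
    # A pool carved out of the LAN hands clients addresses that collide with real hosts
    # (the router at .1, the libreswan box itself). leftsubnet=0.0.0.0/0 is the usual
    # full-tunnel setting and overlaps everything by design, so it is exempt.
    if lan.prefixlen > 0 and any(net.overlaps(lan) for net in pool_nets):
        problems.append(f"rightaddresspool {conn['rightaddresspool']} overlaps leftsubnet {lan}")
    try:
        left = ipaddress.ip_address(conn.get("left", ""))
    except ValueError:
        left = None  # %defaultroute, %any or a hostname: nothing to compare against
    if left is not None and low <= left <= high:
        problems.append(f"left={left} (the server's own address) lies inside rightaddresspool")
    # right=%any plus a pre-shared key means a single group secret shared by every client.
    if conn.get("right") == "%any" and "secret" in (conn.get("authby", ""), conn.get("rightauth", "")):
        problems.append("PSK authentication with right=%any: every client shares one secret; use certificates")
    if conn.get("ikev2", "insist") in ("no", "never"):
        problems.append("ikev2 disabled: the built-in macOS client only speaks IKEv2")
    return problems


def render_conn(name, conn):
    """Serialize a conn dict back into ipsec.conf syntax."""
    return "\n".join([f"conn {name}"] + [f"    {k}={v}" for k, v in conn.items()]) + "\n"


if __name__ == "__main__":
    conn = parse_conf(POSTED_CONF)["ikev2-cp"]
    for problem in check_roadwarrior(conn):
        print("PROBLEM:", problem)
    # Assumed fix: a pool from the RFC 6598 shared range, which no LAN host uses.
    fixed = dict(conn, rightaddresspool="100.64.13.2-100.64.13.254")
    assert check_roadwarrior(fixed) == []
    print(render_conn("ikev2-cp", fixed))
```

Run against the posted block it reports the LAN overlap and the server address inside the pool; with the pool moved outside 192.168.0.0/24 both go away. The check only covers what can be verified from ipsec.conf alone; whether leftid matches a subjectAltName in the server certificate, and whether UDP 500 and 4500 are actually forwarded by the router, still has to be verified on the host.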