<div dir="ltr"><p class="MsoNormal">Hello, I’m totally stuck and hoping someone can help me out.
We currently have a VPN set up for site-to-site IPsec, and now I want to
allow a road-warrior connection and limit that connection to certain subnets.
I’ve been testing and messing with it for days, and no matter what, when I
connect, the user can ping everything connected to the VPN server. I assume I’m
failing to understand something, but I believed “leftsubnets=” was there to restrict which
networks the connected host had access to? Can anyone shed light on how I can do
this?</p>
<p class="MsoNormal">My connection description looks like the following:</p>
<pre>
conn RWConn                       # road warrior connection description
    authby=secret                 # PSK for now (see note on certificates below)
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport                # transport mode, as used for L2TP/IPsec
    left=x.x.x.x
    leftnexthop=%defaultroute
    leftprotoport=17/1701         # local side: UDP/1701 (L2TP)
    leftsubnets={ 192.168.10.0/24 }
    right=%any
    rightsubnet=vhost:%priv,%no   # clients behind NAT
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
</pre>
<div>My goal is to use certificates, but for now I'm just trying to get the subnet restriction to work with PSK.</div>
<p class="MsoNormal">Thanks.</p></div>
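As an added example (not part of the original post, and not the list's or Libreswan's own configuration): the same L2TP/IPsec road-warrior conn, annotated to show which packets the IPsec SA actually covers in transport mode, followed by firewall rules that enforce the subnet restriction on the PPP side of the L2TP session. It reuses the 192.168.10.0/24 subnet from the post and assumes pppd names client interfaces `pppN` (matched as `ppp+` in iptables); the chain name `L2TP-CLIENTS` and the iptables command syntax are illustrative choices, to be adapted to nftables or a distribution firewall front end as needed.

```conf
# /etc/ipsec.conf fragment: annotated road-warrior L2TP/IPsec conn (added example)
conn RWConn
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport            # transport mode: the SA protects packets between
                              # the two hosts themselves; nothing is tunnelled
    left=x.x.x.x
    leftnexthop=%defaultroute
    leftprotoport=17/1701     # ...and only UDP/1701 (L2TP) of those packets
    right=%any
    rightsubnet=vhost:%priv,%no   # accept clients behind NAT
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
    # No leftsubnet/leftsubnets here: with type=transport plus protoport the
    # traffic selectors are already pinned to UDP/1701 host-to-host. Everything
    # the client sends inside the L2TP session arrives on the server as plain IP
    # on a pppN interface and is forwarded like traffic from any other interface,
    # so the subnet restriction has to be done in the firewall, not in IPsec.

# Firewall rules for the PPP side (iptables syntax, run as root; assumed
# interface naming ppp+ and an illustrative chain name L2TP-CLIENTS).
# Clients may reach only 192.168.10.0/24; replies back to clients are allowed.
iptables -N L2TP-CLIENTS
iptables -A L2TP-CLIENTS -d 192.168.10.0/24 -j ACCEPT
iptables -A L2TP-CLIENTS -j REJECT
iptables -I FORWARD 1 -i ppp+ -j L2TP-CLIENTS
iptables -I FORWARD 2 -o ppp+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Note: traffic to the VPN server's own addresses goes through INPUT, not
# FORWARD. If the client must not reach the server itself either, add a
# corresponding rule on INPUT for -i ppp+ (after any services, such as DNS,
# that the server is supposed to offer the clients).
```

The rules are inserted at the top of FORWARD so they are evaluated before the existing site-to-site rules; the REJECT at the end of the dedicated chain is what stops a road-warrior client from pinging the rest of the network, which is exactly what leftsubnets cannot do for a transport-mode L2TP connection.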