On Wed, 12 Apr 2017, Antonio Silva wrote:
> My current setup:
>
>                --- eth0 (192.168.0.254/24)
> WAN --- router --- vlan 1 on eth0 (192.168.168.254/24)
>
> I set the ipsec conn with
> rightaddresspool=192.168.168.87-192.168.168.90, the connection is
> established and I get the IP 192.168.168.87 on my device.
> I then can connect to the server against the IP 192.168.168.254, so far
> good.
> But when I try to connect to a LAN device, like 192.168.168.249, I can't.
> In tcpdump on the router I see the LAN device sending the ARP request
> who has 192.168.168.87, but no reply from the router. I've set the
> proxy ARP on the interface as suggested on the wiki
> (https://libreswan.org/wiki/FAQ#Can_I_hand_out_LAN_IP_addresses_in_the_addresspool.3F),
> but no luck...
>
>     net.ipv4.conf.eth0.proxy_arp=1
>
> From the router I can ping 192.168.168.87.
> Any suggestion on how to solve this? Or is this configuration not ideal
> and I must define a different pool for the VPN side?

That should work. Try running "ipsec verify" and check your systemctl
settings and firewall rules?
You might also need a passthrough conn:

conn passthrough
    left=192.168.0.254
    right=%any
    leftsubnet=192.168.0.0/24
    rightsubnet=192.168.0.0/24
    auto=route
    authby=never

Paul
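
The proxy ARP check discussed in this thread, as an added example that is not part of the original mails or of libreswan: it finds which interface's subnet contains the addresspool and whether proxy ARP is enabled on that interface. The sample data is constructed, and the VLAN interface name "eth0.1" is an assumption (the thread only says "vlan 1 on eth0").

```python
import ipaddress
import re

# Constructed `ip -o -4 addr show` output. The VLAN interface name "eth0.1"
# is an assumption; the thread only says "vlan 1 on eth0".
SAMPLE_ADDRS = """\
2: eth0    inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
3: eth0.1    inet 192.168.168.254/24 brd 192.168.168.255 scope global eth0.1
"""

# Constructed values of /proc/sys/net/ipv4/conf/<name>/proxy_arp (only eth0
# on, as in the thread). The kernel ORs "all" with the per-interface value.
SAMPLE_PROXY_ARP = {"all": 0, "eth0": 1, "eth0.1": 0}


def parse_addrs(text):
    """Return [(ifname, IPv4Interface)] from `ip -o -4 addr show` output."""
    found = []
    for line in text.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            found.append((m.group(1), ipaddress.ip_interface(m.group(2))))
    return found


def pool_range(pool):
    """Parse a 'first-last' addresspool value into two addresses."""
    first, last = (ipaddress.ip_address(p.strip()) for p in pool.split("-"))
    if first > last:
        raise ValueError("pool start is above pool end")
    return first, last


def check_pool(pool, addrs_text, proxy_arp):
    """Find the interface whose subnet holds the pool; report proxy ARP there."""
    first, last = pool_range(pool)
    for ifname, iface in parse_addrs(addrs_text):
        if first in iface.network and last in iface.network:
            return {
                "interface": ifname,
                "proc_path": f"/proc/sys/net/ipv4/conf/{ifname}/proxy_arp",
                "proxy_arp": bool(proxy_arp.get("all") or proxy_arp.get(ifname)),
                "pool_contains_router_ip": first <= iface.ip <= last,
            }
    return None  # pool is not inside any directly connected subnet


if __name__ == "__main__":
    print(check_pool("192.168.168.87-192.168.168.90", SAMPLE_ADDRS, SAMPLE_PROXY_ARP))
```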