On Thu, 31 Mar 2022, Brady Johnson wrote:

I would like to do "VPN server for remote clients using IKEv2" [0] for multiple 
clients, but with fixed client IPs. Currently I set the
"rightsubnet=0.0.0.0/0", but I would prefer to be able to specify a different 
rightsubnet for each client, is this possible?

I tried with the configurations below, and get this error in the pluto.log:

    Mar 31 03:52:48.471606: "vpn_server_tunnel"[2] 10.10.16.6 #6: cannot route -- route already in use for "vpn_server_tunnel"[1] 10.10.15.5

I'm a little confused because there is a left/right on both server
config and client config.

If you want the server to give out different subnets to different
clients, specify these with rightid= and rightsubnet= on the server
in separate conns, and match them on the client.

VPN server config:

conn vpn_server_tunnel
    left=10.10.8.8
    [email protected]
    leftsubnet=10.10.10.0/24
    leftrsasigkey=%cert
    leftcert=vpnserver08.lab.com
    leftsendcert=always

    right=%any
    rightrsasigkey=%cert
    rightid=%fromcert
    rightca=%same
    rightsubnet=0.0.0.0/0

So here you would want to use e.g. rightid=@client1 and rightsubnet=X.0.0.0/24

Then in vpn_server_tunnel_client2, you can use: rightid=@client2 and 
rightsubnet=Y.0.0.0/24

Paul
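
The layout suggested in the reply, written out as an added example (not configuration from the original thread): one server conn per client, each pinned to that client's ID and its own subnet instead of every instance sharing 0.0.0.0/0. The conn names other than vpn_server_tunnel_client2, the IDs `@client1`/`@client2`/`@vpnserver.example`, the two client subnets, the `client1` certificate nickname and the `auto=` lines are constructed placeholders; it also assumes each client certificate carries the ID that `rightid=` names.

```conf
# --- server: /etc/ipsec.d/vpn_server.conf (constructed example) ---

# Shared settings, pulled into each per-client conn with also=.
conn vpn_server_base
    left=10.10.8.8
    leftid=@vpnserver.example        # placeholder, use the server's real ID
    leftsubnet=10.10.10.0/24
    leftrsasigkey=%cert
    leftcert=vpnserver08.lab.com
    leftsendcert=always
    right=%any
    rightrsasigkey=%cert
    rightca=%same

# Client 1: only a peer authenticating as @client1 matches this conn,
# and it may only negotiate traffic for its own subnet.
conn vpn_server_tunnel_client1
    also=vpn_server_base
    rightid=@client1
    rightsubnet=198.51.100.0/24      # constructed value (X.0.0.0/24 in the reply)
    auto=add

# Client 2: separate ID, separate subnet, so the two conns never
# claim the same route.
conn vpn_server_tunnel_client2
    also=vpn_server_base
    rightid=@client2
    rightsubnet=203.0.113.0/24       # constructed value (Y.0.0.0/24 in the reply)
    auto=add

# --- client 1: matching conn, same left/right orientation as the server ---
conn vpn_server_tunnel_client1
    left=10.10.8.8
    leftid=@vpnserver.example
    leftsubnet=10.10.10.0/24
    leftrsasigkey=%cert
    right=%defaultroute
    rightid=@client1
    rightcert=client1                # constructed certificate nickname
    rightsubnet=198.51.100.0/24      # must equal the server's rightsubnet for this client
    auto=start
```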