Dear Libre Team,

I have two CentOS Stream machines, A and D, with Libreswan 4.1 on both. Machine A is at HO and already has site-to-site VPNs to two other remote sites, but machine D is at an upcoming location that is being set up. Machine D, on which Libreswan is being set up, is also acting as the gateway and firewall for that small LAN.

Libreswan is being set up just like it was done successfully at the other sites, except that there is one change at site D. At the other locations the ISP's Internet connection terminates on the WAN interface of the CentOS machine, which has the public IPs configured directly on it. However, at site D, although it has both LAN and WAN interfaces, the Internet connection is not terminated on the CentOS machine. Instead it terminates on a wireless router set up by the ISP at our premises and, according to them, this is the only way to make it work. The LAN segment is 192.168.14.0/24 and its default gateway is the CentOS machine, which has the IP 192.168.14.129/24 on the LAN interface. The WAN interface has the IP 10.10.128.100/24 and connects to the ISP's wireless router, which is on 10.10.128.1/24. The public IP W.X.Y.Z is configured on the WAN interface of the ISP's wireless router.

*On machine D*

    conn PLSUBNET
        also=PLUTO-EUROPA
        leftsubnet=192.168.14.0/24
        leftsourceip=192.168.14.129
        rightsubnet=192.168.1.0/24
        rightsourceip=192.168.1.1
        auto=start

    conn PLUTO-EUROPA
        type=tunnel
        left=W.X.Y.Z
        right=A.B.C.D
        authby=secret
        ikev2=insist
        pfs=no
        ike=aes256-sha2_512+sha2_256-dh21
        esp=aes256-sha2_512+sha1+sha2_256;dh21
        dpddelay=5
        dpdtimeout=120
        dpdaction=restart
        encapsulation=yes

    000 "PLSUBNET": 192.168.14.0/24===W.X.Y.Z<W.X.Y.Z>...A.B.C.D<A.B.C.D>===192.168.1.0/24; unrouted; eroute owner: #0
    000 "PLSUBNET": unoriented; my_ip=192.168.14.129; their_ip=192.168.1.1; my_updown=ipsec _updown;

*At the HO machine*

    conn PLUTOSUBNET
        also=EUROPA-PLUTO
        leftsubnet=192.168.14.0/24
        leftsourceip=192.168.14.129
        rightsubnet=192.168.1.0/24
        rightsourceip=192.168.1.1
        auto=start

    conn EUROPA-PLUTO
        type=tunnel
        left=W.X.Y.Z
        right=A.B.C.D
        authby=secret
        ikev2=insist
        pfs=no
        ike=aes256-sha2_512+sha2_256-dh21
        esp=aes256-sha2_512+sha1+sha2_256;dh21
        dpddelay=5
        dpdtimeout=120
        dpdaction=restart
        encapsulation=yes

    000 "PLUTOSUBNET": 192.168.1.0/24===A.B.C.D<A.B.C.D>...W.X.Y.Z<W.X.Y.Z>===192.168.14.0/24; unrouted; eroute owner: #0
    000 "PLUTOSUBNET": oriented; my_ip=192.168.1.1; their_ip=192.168.14.129; my_updown=ipsec _updown;

*FYI: the ISP's wireless router has a rule to forward all incoming IPsec traffic to the CentOS machine on 10.10.128.100.*

Thank you,

Best regards,
Udai
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
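The "unoriented" line in machine D's status comes from Libreswan's orientation step, which only succeeds when left= or right= names an address configured on the local host. The following Python is an added illustration, not code from the post or from Libreswan: it parses a simplified ipsec.conf, flattens also=, and reports which end is local. The conf excerpt is constructed, with the documentation addresses 198.51.100.10 and 203.0.113.5 standing in for W.X.Y.Z and A.B.C.D, and the %defaultroute handling is an assumption about how that keyword resolves.

```python
import re

# Constructed ipsec.conf excerpt mirroring machine D's post. Documentation
# addresses stand in for the placeholders: 198.51.100.10 = W.X.Y.Z (the ISP
# router's public IP), 203.0.113.5 = A.B.C.D (the HO endpoint).
SITE_D_CONF = """conn PLSUBNET
    also=PLUTO-EUROPA
    leftsubnet=192.168.14.0/24
    rightsubnet=192.168.1.0/24
conn PLUTO-EUROPA
    left=198.51.100.10
    right=203.0.113.5
"""
# Addresses configured on machine D itself (LAN and WAN side), from the post.
SITE_D_LOCAL_ADDRS = {"192.168.14.129", "10.10.128.100"}

def parse_conns(text):
    """Parse 'conn NAME' sections with indented key=value lines into {name: {key: value}}."""
    conns, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
            continue
        m = re.match(r"^\s+([\w-]+)\s*=\s*(.+?)\s*$", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return conns

def resolve(conns, name, seen=frozenset()):
    """Flatten also= chains; a conn's own keys override the inherited ones."""
    if name in seen:
        raise ValueError(f"also= loop at {name}")
    own = dict(conns[name])
    parent = own.pop("also", None)
    merged = resolve(conns, parent, seen | {name}) if parent else {}
    merged.update(own)
    return merged

def orientation(conn, local_addrs, default_route_addr=None):
    """'left' or 'right' if that end's address is local, else None (Libreswan then
    reports the conn as unoriented). %defaultroute is assumed to map to default_route_addr."""
    for end in ("left", "right"):
        addr = conn.get(end, "")
        if addr == "%defaultroute":
            addr = default_route_addr
        if addr in local_addrs:
            return end
    return None
```

With machine D's addresses neither end matches, which is the None result; the same conn checked against the HO host's addresses orients as "right".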
