Eldar Yusupov wrote:
> How should I alter the strongSwan config? It seems to me that I've
> specified that my subnet is 192.168.1.0/24 there.

Try leftsubnet=0.0.0.0/0

> I'm using Cisco VPN client at the moment, however I plan to change it later.
> In any case I'd like to keep most of the configuration details
> defined on the gateway, not the client.

That sounds reasonable. The concept of Cisco's VPN client is to tunnel all traffic through your IPsec gateway, not only the traffic that is destined for your subnet, i.e. 192.168.1.0/24. In a default configuration the Cisco VPN client does not allow you to access any host on the Internet without passing through the VPN gateway. I'm not an expert on Cisco's VPN client, though. Maybe you will find a solution that fits your needs.

You can also try the VPN client of Shrew Soft. "NCP Secure Entry Client for Win32/64" is even better but costs 142 EUR per license.

> Am I correct that in theory strongSwan should notify the peer about the
> local subnet, however for some reason this does not happen or the peer
> discards that information?

That is true for IKEv2. Maybe Cisco has some proprietary extension for IKEv1 which supports that as well, but I guess not.

-Daniel