Hi,
Everything looks good in my environment. The clients can get an IP address from the DHCP server and can reach the LAN and WAN without any problem, but... all the clients get the same IP address from the DHCP server. I have tested with another DHCP server (the first was a firewall DHCP and the second was a Windows Server DHCP) and it's the same.
My Config files are:
/etc/ipsec.conf
config setup
strictcrlpolicy=no
uniqueids=never
charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
conn roadwarrior
auto=add
compress=no
type=tunnel
keyexchange=ikev2
fragmentation=yes
forceencaps=yes
ike=aes256gcm16-sha256-ecp521,aes256-sha256-ecp384!
esp=aes256gcm16-sha256!
dpdaction=clear
dpddelay=180s
rekey=no
left=%any
[email protected]
leftcert=cert.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
right=%any
rightid=%any
rightauth=eap-mschapv2
eap_identity=%any
rightdns=dns1 ip address, dns2 IP address
rightsourceip=%dhcp
rightsendcert=never
/etc/sysctl.d/99-strongswan.conf
net.ipv4.ip_forward=1
/etc/strongswan.d/charon/dhcp.conf
dhcp {
force_server_address = yes
identity_lease = yes
interface = eth0
load = yes
server = 10.10.0.1 #DHCP IP address
}
charon {
load_modular = yes
dns1 = dns 1 ip address
dns2 = dns 2 ip address
plugins {
include strongswan.d/charon/*.conf
attr {
split-include = 10.10.0.0/16 # Send only traffic destined to leftsubnet to the tunnel interface
split-exclude = 0.0.0.0/0 # Mac OS X client responsible for routing all non-tunnel traffic elsewhere
28674 = rva.org
dns = dns 1 ip address, dns 2 ip address
}
}
}
include strongswan.d/*.conf
IPTABLES
#PS: That is not my config, but I tested with that to make sure that there is nothing wrong with it.
#Clean IP Tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
Question 1: How do I fix it so that the DHCP server gives a different IP address to each VPN client?
Like... I made a test using rightsourceip=10.10.1.247/32 and the client works with no problem, but to the firewall it looks like the connection comes from the server. The server has free access to the internet, but the clients should authenticate first.
How do I change the way the VPN client reaches the LAN, so that it behaves like a normal client?
Or how do I fix the DHCP issue that gives the same IP address to all the VPN clients?
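An added example, not code from the poster or from strongSwan: a small parser for the strongswan.conf section syntax used in the files above, plus a check that reports what the dhcp plugin settings imply (identity_lease = yes derives the client MAC from the IKE identity, so peers that authenticate with one shared identity receive one shared lease). The sample text is constructed from the dhcp.conf pasted above, placeholders included.

```python
# Added example (not strongSwan code): parse strongswan.conf-style text and
# report what the dhcp plugin settings imply. SAMPLE is constructed from the
# dhcp.conf posted in this issue.

SAMPLE = """\
dhcp {
    force_server_address = yes
    identity_lease = yes
    interface = eth0
    load = yes
    server = 10.10.0.1 #DHCP IP address
}
"""

def parse_conf(text):
    """Parse 'section { key = value }' blocks into nested dicts.
    '#' starts a comment. 'include' lines are recorded under '__includes__'
    instead of being resolved, since this runs without the real files."""
    root, stack = {}, []
    cur = root
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line == "}":
            cur = stack.pop()
        elif line.endswith("{"):                 # open a nested section
            stack.append(cur)
            cur = cur.setdefault(line[:-1].strip(), {})
        elif line.startswith("include "):
            cur.setdefault("__includes__", []).append(line.split(None, 1)[1])
        else:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    if stack:
        raise ValueError("unbalanced braces in configuration")
    return root

def dhcp_findings(conf):
    """Notes on the dhcp plugin section, whether it sits at top level
    (as in strongswan.d/charon/dhcp.conf) or under charon.plugins."""
    d = conf.get("dhcp") or conf.get("charon", {}).get("plugins", {}).get("dhcp", {})
    notes = []
    if d.get("load") != "yes":
        notes.append("dhcp plugin is not loaded (load = yes missing)")
    if d.get("identity_lease") == "yes":
        notes.append("identity_lease = yes: client MAC is a hash of the IKE "
                     "identity, so peers using one shared identity share one lease")
    if d.get("force_server_address") == "yes" and not d.get("server"):
        notes.append("force_server_address = yes but no server address is set")
    return notes
```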