VPN
ettaluni, 2021-02-04 11:55:50

Suffering for strongswan, how to return the network?

Good day! When I turn on vpn ipsec, the client's local network disappears. That is, the client stops responding to its local (not vpn address) which is distributed over NAT.
In general, initially I want to connect via rdp-vnc-ssh from the local network of Client-1 to the computers of the local network of Client-2.
How to configure strongswan so that the local network does not break?
Schema:
Client1 (10.0.1.1) 172.16.0.11\24 -> VPS(Public IP) -> Client2 (10.0.1.2) 192.168.0.15\24
Server:

conn my-super-vpn
  auto=add
  compress=no
  type=tunnel  # defines the type of connection, tunnel.
  keyexchange=ikev2
  fragmentation=yes
  forceencaps=yes
  dpdaction=clear
  dpddelay=300s
  rekey=no
  left=%any
  leftauth=pubkey
  [email protected]    #If using IP, define it without the @ sign
  leftsourceip=18.18.18.18
  leftcert=vpn_server_cert.pem  #Reads the VPN server cert in /etc/ipsec.d/certs
  leftsendcert=always
  leftsubnet=0.0.0.0/0
  right=%any
  rightid=%any
  rightauth=eap-mschapv2
  rightsourceip=10.0.1.0/24  #IP address Pool to be assigned to the clients
#	rightdns=8.8.8.8  
  rightsendcert=never
  eap_identity=%identity  #Defines the identity the client uses to reply to an EAP Identity request.

Client:
conn my-super-vpn
  auto=start
  right=18.18.18.18
  rightid=my.super.vpn
  rightsubnet=0.0.0.0/0
  rightauth=pubkey
  leftsourceip=%config
  leftid=client1
  leftauth=eap-mschapv2
  eap_identity=%identity


1 answer(s)
ky0, 2021-02-04

How to configure strongswan so that the local network does not break?

Do not wrap local ranges of clients in vpn. Make sure that when you connect the tunnel, local routes do not go anywhere.
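
A check for the advice above, added here as an example and not taken from the post or from strongSwan: it parses ipsec.conf text and reports tunnel conns whose rightsubnet contains the client's LAN, unless a passthrough conn exempts that LAN. The lan-bypass conn, the function names and the trimmed config strings are constructed for illustration; conn %default and also= inheritance are not handled.

```python
import ipaddress

# Constructed copy of the client conn from the question (trimmed).
CLIENT_CONF = """
conn my-super-vpn
  auto=start
  right=18.18.18.18
  rightsubnet=0.0.0.0/0   # full tunnel: also matches the client's own LAN
"""
# Assumed fix: passthrough policy that keeps LAN-to-LAN traffic out of the tunnel.
LAN_BYPASS = """
conn lan-bypass
  leftsubnet=172.16.0.0/24
  rightsubnet=172.16.0.0/24
  authby=never
  type=passthrough
  auto=route
"""

def parse_conns(text):
    """Parse ipsec.conf text into {conn: {key: value}}, dropping # comments."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split(None, 1)[1], {})
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            cur[key.strip()] = val.strip()
    return conns

def covers(selector, lan):
    """True if any subnet in a comma-separated traffic selector contains lan."""
    for part in selector.split(","):
        try:
            net = ipaddress.ip_network(part.strip(), strict=False)
        except ValueError:   # e.g. %dynamic or a port-restricted selector
            continue
        if net.version == lan.version and lan.subnet_of(net):
            return True
    return False

def conns_capturing_lan(text, lan_cidr):
    """Tunnel conns whose remote selector includes the LAN, unless bypassed."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    conns = parse_conns(text)
    sel = lambda c: covers(c.get("rightsubnet", ""), lan)
    if any(c.get("type") == "passthrough" and sel(c) for c in conns.values()):
        return []
    return [n for n, c in conns.items() if c.get("type", "tunnel") == "tunnel" and sel(c)]
```

Called with Client1's address from the schema (172.16.0.11/24), the question's config is flagged; with the lan-bypass conn appended, or with rightsubnet narrowed to only the remote ranges, it is not.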
