[Openswan Users] IPsec route all traffic

Nick Howitt nick at howitts.co.uk
Tue Jun 10 04:12:29 EDT 2014


I believe you need to set rightsubnet to 0.0.0.0/0. Match it in your 
remote config. If it is important that the users can only access the 
internet via the VPN, you may also want to add a firewall rule blocking 
all traffic in the FORWARD chain (assuming iptables) in case the tunnel 
goes down.

Nick

On 2014-06-10 08:28, Aleksander Ol wrote:
> config setup
>  interfaces="%defaultroute"
>  nat_traversal=yes
>  protostack=netkey
>  plutostderrlog=/var/log/pluto.log
>  plutodebug="all"
> conn VPN
>  forceencaps=yes
>  dpddelay=30
>  dpdtimeout=120
>  dpdaction=restart
>  ike=aes-256-sha1;modp1024
>  ikelifetime=86400s
>  authby=secret
>  type=tunnel
>  salifetime=3600s
>  pfs=yes
>  phase2=esp
>  phase2alg=aes-128-sha1;modp1024
>  left=185.XXX.XXX
>  leftsubnet=10.XXX.XXX.XXX/24
>  leftnexthop=%defaultroute
>  right=91.YYY.YYY.YYY
>  rightsubnet=10.11.YYY.YY/24
>  rightnexthop=%defaultroute
>  auto=start
> 
> Mon, 09 Jun 2014 09:37:59 +0100 from Dan Cave <dan.cave at me.com>:
> 
>> Please post your configuration
>> 
>> :)
>> 
>> On 8 Jun 2014 19:07, Aleksander Ol <aleksander_2005 at mail.ru>
>> wrote:
>>> 
>>> Good afternoon.
>>> I cannot send traffic as IPsec.
>>> 
>>> It is configured like this:
>>> 1) Eth0 ( Internal Network .... 192.168.0.0/24 )
>>> 2) Eth1 ( Internet )
>>> 
>>> I set up Openswan IPsec .... using (netkey)
>>> Now all local traffic works fine ... but I need to route all traffic
>>> to the VPN .... Internet also.
>>> I need users to go through a remote gateway with any
>>> established VPN connection.
>>> If the VPN does not work, the Internet should not work either.
>>> 
>>> The problem is that Openswan IPsec does not create a separate
>>> interface.
>>> 
>>> If anyone knows how to configure this, please help.
>>> 
>>> Sorry for my English.
>>> 
>>> 
>>> --
>>> Aleksander Ol

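The two suggestions in the reply above (rightsubnet=0.0.0.0/0 plus a FORWARD-chain block for when the tunnel is down), as an added example that is not part of the original thread. Because netkey creates no separate interface, the rules use the iptables `policy` match instead of an interface name; `LAN_IF`, `LAN_NET`, `IPT` and the function names are assumptions made for this sketch, and the default `IPT` only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: LAN_IF/LAN_NET follow
# the original question (eth0, 192.168.0.0/24); set them to match leftsubnet.
# IPT defaults to a dry run; run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Forward LAN traffic only when an IPsec policy will encapsulate it (or has
# just decapsulated it). If the tunnel is down, no policy matches and the
# DROP policy applies, so nothing leaves in clear text.
# The gateway's own IKE/ESP packets use INPUT/OUTPUT and are not affected.
# Any other ACCEPT rule already present in FORWARD would bypass this.
killswitch_rules() {
    $IPT -P FORWARD DROP
    # LAN -> anywhere, only if the packet is going to be ESP-protected.
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" \
        -m policy --dir out --pol ipsec -j ACCEPT
    # Replies that came in through the tunnel, back to the LAN.
    $IPT -A FORWARD -o "$LAN_IF" -d "$LAN_NET" \
        -m policy --dir in --pol ipsec -j ACCEPT
}

# Print the rightsubnet of conn $2 in ipsec.conf-style file $1.
# Returns 0 only when it is 0.0.0.0/0, i.e. all traffic is sent to the peer.
check_rightsubnet() {
    val=$(awk -v c="$2" '
        $1 == "config" { in_conn = 0; next }
        $1 == "conn"   { in_conn = ($2 == c); next }
        in_conn && $1 ~ /^rightsubnet=/ {
            sub(/^rightsubnet=/, "", $1); print $1; exit
        }' "$1")
    printf '%s\n' "$val"
    [ "$val" = "0.0.0.0/0" ]
}

killswitch_rules
```

`check_rightsubnet /etc/ipsec.conf VPN` can be run before applying the rules; with the configuration posted in the thread it reports the /24 and fails, which is the setting the reply says to change.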
