Bug #3662
"Provide a list of accessible networks to clients" is not working
Status: closed
% Done: 100%
Description
"Provide a list of accessible networks to clients" doesn't seem to work. If a client tries to use the networks that should be pushed automatically, it cannot get anywhere.
It does pass traffic if the client manually specifies a policy (Shrew, Android) or if the client ignores that and tunnels everything anyway (iOS).
Updated by Ermal Luçi over 10 years ago
Normally this should work if it's defined as 'net_list'.
Please share the strongswan config and the related part from config.xml.
Updated by Jim Pingle over 10 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 8f5ac1a168f06ce87297a6c0ad9dfd30451a7071.
Updated by Jim Pingle over 10 years ago
- Status changed from Feedback to Resolved
After my last two commits this appears to work properly on iOS. With the box checked, the client only tries to send the one configured subnet to IPsec and the rest goes outside the tunnel as expected.
Shrew Soft is still not obeying the given list, but it does work if you add a P2 for 0.0.0.0/0. That may be how it was working before with racoon, since racoon would let the client automatically use that if it asked.