Bug #3662

closed

"Provide a list of accessible networks to clients" is not working

Added by Jim Pingle over 10 years ago. Updated over 10 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: IPsec
Target version:
Start date: 05/16/2014
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2
Affected Architecture: All

Description

"Provide a list of accessible networks to clients" doesn't seem to work. If a client tries to use the networks that should be pushed automatically, it cannot get anywhere.

It does pass traffic if the client manually specifies a policy (Shrew, Android) or if the client ignores that and tunnels everything anyway (iOS).

Actions #1

Updated by Ermal Luçi over 10 years ago

Normally this should work if it's defined as 'net_list'.

Please share the strongswan config and the related part from config.xml.

Actions #2

Updated by Jim Pingle over 10 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #3

Updated by Jim Pingle over 10 years ago

  • Status changed from Feedback to Resolved

After my last two commits this appears to work properly on iOS. With the box checked, the client only tries to send the one configured subnet to IPsec and the rest goes outside the tunnel as expected.

Shrew Soft is still not obeying the given list, but it does work if you add a P2 for 0.0.0.0/0. That may be how it was working before with racoon, since racoon would let the client automatically use that if it asked.
