Issue #3522

Internet will not work after connected strongswan vpn server

Added by Sudeep Kote about 2 months ago. Updated about 2 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: configuration
Affected version: 5.8.4
Resolution:

Description

I am a beginner at this and I have set up and configured a strongSwan IPsec IKEv2 VPN server. I am able to connect to the VPN server from Ubuntu laptops, but once I am connected, my laptop's internet stops working. I suspect all traffic is being routed through the strongSwan VPN server's public IP, but I am not sure what is happening. Could you please help me resolve this? Please find below the server configuration and error logs.

Server configuration:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=IP Address (.*..*)
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=10.160.0.0/0
    leftfirewall=no
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
    ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!

Client system logs:

Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] maximum IKE_SA lifetime 10478s
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] adding DNS server failed
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] adding DNS server failed
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[CFG] handling INTERNAL_IP4_DNS attribute failed
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] adding DNS server failed
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[CFG] handling INTERNAL_IP4_DNS attribute failed
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] installing new virtual IP 10.10.10.1
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] CHILD_SA ikev2-rw{1} established with SPIs c7424766_i cc844c98_o and TS 10.10.10.1/32 === 0.0.0.0/0
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] CHILD_SA ikev2-rw{1} established with SPIs c7424766_i cc844c98_o and TS 10.10.10.1/32 === 0.0.0.0/0
Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] peer supports MOBIKE
obo@lp-ub-sudeep:~$ sudo service strongswan stop

History

#1 Updated by Tobias Brunner about 2 months ago

  • Category changed from charon to configuration
  • Status changed from New to Feedback
  • Assignee deleted (Sudeep Kote)
  • Priority changed from High to Normal

Yes, everything will be sent through the tunnel. See ForwardingAndSplitTunneling.

#2 Updated by Sudeep Kote about 2 months ago

How to configure split tunnelling?
Need to do anything on the client laptops?
Only VPN traffic should reach our VPN server; other traffic, browsing and all, should route through the ISP IP only.
Please help me to resolve this...
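
The diagnosis from comment #1, as an added example that is not part of the original thread or of strongSwan: it parses the CHILD_SA line from the client log above and shows that the negotiated remote traffic selector, like the configured `leftsubnet=10.160.0.0/0`, has prefix length 0 and therefore matches every IPv4 destination. The narrower `10.160.0.0/16` used for comparison is an assumed value, not one taken from the issue.

```python
import ipaddress
import re

# CHILD_SA line copied from the client log in the issue description.
LOG_LINE = ("Jul 23 12:22:57 lp-ub-sudeep charon21814: 05[IKE] CHILD_SA "
            "ikev2-rw{1} established with SPIs c7424766_i cc844c98_o "
            "and TS 10.10.10.1/32 === 0.0.0.0/0")

TS_RE = re.compile(r"CHILD_SA (\S+)\{\d+\} established .* TS (.+?) === (.+)$")


def parse_subnets(value):
    """Parse a comma- or space-separated subnet list. strict=False masks the
    address with its prefix length, so 10.160.0.0/0 becomes 0.0.0.0/0."""
    parts = [p for p in re.split(r"[,\s]+", value.strip()) if p]
    return [ipaddress.ip_network(p, strict=False) for p in parts]


def child_sa_selectors(line):
    """Return (conn name, local selectors, remote selectors) or None."""
    m = TS_RE.search(line)
    if m is None:
        return None
    return m.group(1), parse_subnets(m.group(2)), parse_subnets(m.group(3))


def is_full_tunnel(selectors):
    """True if any selector has prefix length 0, i.e. covers all addresses."""
    return any(net.prefixlen == 0 for net in selectors)


def tunnelled(dest, selectors):
    """True if traffic to dest matches a remote selector and enters the tunnel."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == net.version and addr in net for net in selectors)


if __name__ == "__main__":
    name, local, remote = child_sa_selectors(LOG_LINE)
    print(name, "full tunnel:", is_full_tunnel(remote))
    print("leftsubnet=10.160.0.0/0 parses as", parse_subnets("10.160.0.0/0"))
    # 10.160.0.0/16 is an assumed narrower value, not taken from the issue.
    for label, sel in (("negotiated", remote),
                       ("assumed /16", parse_subnets("10.160.0.0/16"))):
        for dest in ("8.8.8.8", "10.160.1.5"):
            print(label, dest, "via tunnel:", tunnelled(dest, sel))
```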
