Issue #3539

leftsubnet parameter works abnormally

Added by John YU about 2 months ago. Updated about 1 month ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Affected version: 5.5.3
Resolution:

Description

StrongSwan 5.5.3 on X64

ipsec.conf:

conn ios_ikev2
    keyexchange=ikev2
    ike=aes256-sha256-modp2048,aes256-sha1-modp2048!
    esp=aes256-sha256,aes256-sha1!
    rekey=no
    left=%defaultroute
    leftid=mydomain
    leftsendcert=always
    leftsubnet=192.168.1.0/24
    leftcert=server.cert.pem
    right=%any
    rightauth=eap-mschapv2
    rightsourceip=10.31.2.0/24
    rightsendcert=never
    eap_identity=%any
    dpdaction=clear
    fragmentation=yes
    auto=add

Expected result:
Only traffic to 192.168.1.x goes through the VPN. All other traffic does NOT go through the VPN and can be accessed normally.
Actual result:
I can ONLY access the 192.168.1.X network. All other web sites can NOT be accessed. Ping to 8.8.8.8 always times out.

Could you please help me check it? Thanks

History

#1 Updated by Tobias Brunner about 1 month ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal

Whether split-tunneling via narrowing works depends on the clients (and possibly their configuration); please see ForwardingAndSplitTunneling.
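
The narrowing mentioned in the reply above, as an added example that is not part of the original issue or strongSwan's code: an IKEv2 responder keeps only the overlap between the traffic selectors the client proposes and its own leftsubnet. The client proposal of 0.0.0.0/0 and the client_routes_all switch (a client that sends everything into the tunnel whatever was negotiated) are assumptions made for illustration.

```python
import ipaddress


def narrow(proposed, configured):
    """Return the overlap of the peer's proposed selectors with the
    responder's configured subnets (IKEv2 traffic selector narrowing)."""
    result = []
    for p in map(ipaddress.ip_network, proposed):
        for c in map(ipaddress.ip_network, configured):
            if p.overlaps(c):
                # Two CIDR blocks that overlap are nested: keep the smaller.
                result.append(c if c.subnet_of(p) else p)
    return result


def fate(dst, negotiated, client_routes_all):
    """Model what the client does with a packet to dst.

    client_routes_all=True  -> assumed client that routes all traffic into
                               the tunnel regardless of the narrowed selectors
    client_routes_all=False -> assumed client that installs routes only for
                               the negotiated selectors (split tunnel)
    """
    addr = ipaddress.ip_address(dst)
    if any(addr in net for net in negotiated):
        return "tunnel"
    # No negotiated selector covers dst: a route-everything client has
    # nothing to carry the packet, a split-tunnel client sends it directly.
    return "dropped" if client_routes_all else "direct"


if __name__ == "__main__":
    # Constructed input: the client asks for everything, the server is
    # configured with leftsubnet=192.168.1.0/24 as in the issue.
    negotiated = narrow(["0.0.0.0/0"], ["192.168.1.0/24"])
    print("negotiated:", [str(n) for n in negotiated])
    for dst in ("192.168.1.10", "8.8.8.8"):
        for routes_all in (True, False):
            print(dst, "routes_all=%s ->" % routes_all,
                  fate(dst, negotiated, routes_all))
```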
