
I have strongSwan IPsec set up on Ubuntu. I have a static public IP 103.x.x.x and the VPN clients subnet 10.100.100.2/24. I have 2 clients running Ubuntu. I was able to ping from client 1 to client 2 and vice versa, and they have the 103.x.x.x public IP. I want to limit my rightsubnet to 10.100.100.2/24 only. When I change rightsubnet on the clients from 0.0.0.0/0 to 10.100.100.2/24, the connection is established, but when I run curl https://checkip.amazonaws.com, the returned IP is the client's public IP rather than the server's public IP (expected). What would be the correct config for my use case?

here's my server config:

server config

client config:

client config

  • Isn't this completely normal? You're talking to the server at checkip.amazonaws.com whose address is _not_ within the rightsubnet, so of course it won't go over the VPN because that's what you wanted? – user1686 Jun 19 '23 at 06:26
  • Okay, thanks for the reply, and sorry for the noob question. Is it possible to allow all traffic (0.0.0.0/0) but have one specific subnet that won't go over the VPN (for example 172.22.0.0/24)? – kramnitsuj Jun 19 '23 at 07:12
  • Yes, e.g. via [bypass/passthrough policies](https://docs.strongswan.org/docs/5.9/config/quickstart.html#_passthroughbypass_policies). – ecdsa Jun 19 '23 at 07:55
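The two situations raised in the comments, the split tunnel that explains the checkip result and the full tunnel with one excluded subnet, can be expressed on the client side as two `ipsec.conf` connections plus a passthrough policy. The block below is an added example, not the asker's server or client config (which is not shown on the page); the server address 203.0.113.1 is a placeholder for the real 103.x.x.x address, the VPN range is written as the network 10.100.100.0/24 that the question's 10.100.100.2/24 belongs to, and the authentication settings (`leftauth`/`rightauth`, certificate or PSK) are omitted and have to be taken from the existing working config.

```ini
# /etc/ipsec.conf on the client (constructed example, not the original config)

config setup
    charondebug="ike 1, cfg 1"

# Split tunnel: only the VPN subnet is covered by the IPsec policy.
# A request to checkip.amazonaws.com does not match rightsubnet, so it
# leaves via the client's own default route and shows the client's IP.
conn vpn-split
    left=%defaultroute
    leftsourceip=%config
    right=203.0.113.1            # placeholder for the server's 103.x.x.x
    rightsubnet=10.100.100.0/24
    auto=add

# Full tunnel: everything is covered by the IPsec policy, so the same
# request goes through the server and shows the server's public IP.
conn vpn-full
    left=%defaultroute
    leftsourceip=%config
    right=203.0.113.1
    rightsubnet=0.0.0.0/0
    auto=add

# Exception to the full tunnel: a passthrough (bypass) policy keeps
# 172.22.0.0/24 out of IPsec even while vpn-full is up. No IKE
# negotiation is involved (authby=never); auto=route installs the
# kernel policy as soon as the config is loaded.
conn bypass-lan
    leftsubnet=172.22.0.0/24
    rightsubnet=172.22.0.0/24
    authby=never
    type=passthrough
    auto=route
```

After `ipsec reload`, `ipsec statusall` should list `bypass-lan` as routed, and `ip xfrm policy` should show `dir out`/`dir in` entries for 172.22.0.0/24 with no `tmpl` (the bypass), alongside the tunnel templates for 0.0.0.0/0 once `vpn-full` is established. Traffic to 172.22.0.0/24 then follows the ordinary routing table instead of the SA, which is the behaviour asked about in the second comment.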

0 Answers