On 10/28/18 3:04 PM, Radek wrote:
Hello,

I really need your help. I am still trying to configure IKEv2 VPN Gateway (A.B.C.77/23) for road warrior clients (Windows). The problem is that it works ONLY if clients are in the same subnet as VPN Gateway (A.B.C.0/23). Clients from out of the gateway's subnet (!A.B.C.0/23) cannot establish the connection (809 Error). It does not matter if they are behind NAT or not, tried different ISP - the same.

Current tested client is Win7 (1.2.3.119). It works from A.B.C.0/23.

I do not know what I am doing wrong. Can anyone please help me with solving this problem? Thank you.

This is a fresh 6.3/i386 install:

# cat /etc/hostname.enc0
inet 10.0.1.1 255.255.255.0 10.0.1.255 up

You don't need an IP on enc0

# cat /etc/iked.conf
ikev2 "test" passive esp \
        from 0.0.0.0/0 to 0.0.0.0/0 \
        local A.B.C.77 peer any \
        srcid A.B.C.77 \
        config address 10.0.1.0/24 \
        config name-server 8.8.8.8 \
        tag "IKED"

Try something like this, it works for both Win7 and Win10:

/etc/iked.conf
---------------------------------
ikev2 "roadWarrior" ipcomp esp \
        from 0.0.0.0/0 to 0.0.0.0/0 \
        peer any \
        srcid $srcid \
        config address 10.0.1.0/24 \
        config netmask 255.255.255.0 \
        config name-server $dns1 \
        config name-server $dns2 \
        config access-server A.B.C.77 \
        config protected-subnet 0.0.0.0/0 \
        tag "$id"

'access-server' tells Windows what gateway to use for 'protected-subnet' (see iked.conf(5)).