Messages - cb88

#1
Dang I wanted it to work so bad ha.

In any case I guess this will send me down the WireGuard route. I mean it kinda does work sort of, so I will probably leave it as is as a fallback.
#2
Hmm yeah, I expected this to work basically the same as my strongSwan setup on Ubiquiti, but apparently that is L2TP, which is a bit different from the IKEv2 roadwarrior configuration.

I'm just baffled why I cannot communicate with some of the hosts in my local network with this setup.

Paying more for client software is hard to justify in my use case. If it were a small cost, OK, but NCP is not inexpensive.
#3
So I changed it to 192.168.1.0/24 and 172.0.0.0/24 so I have a /24 on both ends (the local network is actually still a /22 though).

On my LAN I get 110 hosts up in 192.168.1.0 and I can only get to 49 of them over the tunnel, which seems very odd. I added the route 192.168.1.0 255.255.255.255 172.0.0.254 to the client manually.
#4
Windows 10/11 clients

I was able to get the split tunnel partially working, 0.0.0.0/0 traffic goes out the client's internet, and I added a route manually for 192.168.0.0 255.255.252.0 172.0.3.254 ... but I still have the issue of only about 81-82 of the hosts showing up while there are 171 hosts in the /22 up.

Most of my hosts are in the 192.168.1.0/24 range, so perhaps I could set that up as a /24; anyone that wanted to remote into other systems would have to remote into that range, though this would be equivalent to our old VPN.
#5
Despite the fact that I can currently connect to the 192.168.0.x range... of my /22 from the VPN, I am thinking I need to configure NAT between them?
#6
So I have the tunnel working and 192.168.0.0/22 configured for my local network and 10.0.10.1/24 set as the VPN pool. For some reason, when configured as 10.0.10.0/24 it did not work correctly, e.g. I could connect and send packets to and from, but they would not be routed to the local subnet and vice versa? After configuring the pool to 10.0.10.1 it does route traffic to at least part of my local network and back (e.g. I can now RDP to 192.168.0.24).

I'm not sure if there is some route or firewall issue preventing me from connecting to anything in the rest of my /22.