Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VPN: IPsec: Mobile Clients - explicit split-include - charon attribute #7876

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

VPN: IPsec: Mobile Clients - explicit split-include - charon attribute #7876

wants to merge 1 commit into from

Conversation

falkevik
Copy link

Enabling more than one split network to be used with both vpnc and macos cisco vpn. Phase2 networks are set to 0.0.0.0/0 but the split-include is explicit.

Manual SPDs couldn't be added with mobile clients.
Using the IPsec Phase2 for more than one network didn't work as the SPD for the first network was the only one setup.
Rendering the subsequent networks in the split-include to be dropped on the way back to the vpn client IP address.

@AdSchellevis AdSchellevis self-assigned this Sep 20, 2024
@AdSchellevis
Copy link
Member

Eventually we should migrate this to MVC, the latest versions already contains "VPN: IPsec: Advanced Settings", which is likely also the spot where most of these settings should migrate to in some form.

Keeping this here for now to prevent complicating next steps more than needed.

@falkevik
Copy link
Author

Ok, understood. Thanks for considering the additional configuration option.
For us we couldn't find any other way to solve the problem with multiple split networks.

I can have a look at adding this to the MVC pattern once that is applicable.

@AdSchellevis AdSchellevis added the feature Adding new functionality label Sep 23, 2024
@AdSchellevis
Copy link
Member

@falkevik I'll keep it on the list, when refactoring code, it shouldn't be an issue to add it as well.

@falkevik
VPN: IPsec: Mobile Clients - explicit split-include
43926e8 
Enabling more than one split network to be used with both vpnc and macos cisco vpn.
Phase2 networks are set to 0.0.0.0/0 but the split-include is expclit.
Manual SPDs couldn't be added with mobile clients.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@AdSchellevis AdSchellevis

Labels
feature Adding new functionality
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@falkevik @AdSchellevis