[vpn-help] unable to verify remote peer certificate

Stefan Bauer stefan.bauer at cubewerk.de
Thu May 6 02:44:36 CDT 2010


On 06.05.2010 09:31, sftf wrote:
> I read page 14.
> I use Shrew VPN Client, not Windows7 native IKEv2 client.

Sure, I'm aware of your setup. I was just trying to point you to
that sentence, that Windows 7 does not allow split-tunneling, but
other clients do - like the Shrew client. Anyway, one of the
developers just responded on IRC with the answer that there is no
support for split-tunneling yet.

> When I connect to racoon from Shrew VPN Client, I get routing to both networks behind gateway;
> When I connect to pluto to the same gateway from Shrew VPN Client, I may get routing to
> one network only - one that goes first in leftsubnet=...
> So I think this is not a problem of Windows7 itself, but a "feature" of pluto.
> 
> From http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
>   left|rightsubnet = <ip subnet>
>   ...
>   Further, IKEv2 supports multiple
>   subnets separated by commas. IKEv1 only interprets the first subnet of such a definition.
> Do you agree?

That is something different to split-tunneling. If I understand
split-tunneling correctly, you force included split-tunnel networks to
go through the vpn-link. Others get routed normally through your
regular internet-route. So the split-tunneling option, like racoon
has it, is pushing out some routes to the client.

The left/rightsubnet setting is just a kind of policy to tell the
vpn-concentrator which traffic is allowed to go through the tunnel.

I may be wrong with that - never used *swan heavily.

Stefan

-- 
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------


