fktssm closed 2 years ago
I forgot to add, I was configuring VyOS and ran into this problem.
The Agile configuration is rigidly fixed in ipsec.conf by rewriting manually added configurations.
Consequently, some important functions are hardcoded in the script.
One of them is the leftsubnet string.
To solve this problem, it is enough to change the script itself on the device, namely the string: my $left_subnet_route = "0.0.0.0/0"; to my $left_subnet_route = "yournetwork/yourmask";
I have StrongSwan configured, but in it I do not see the possibility of forcing the installation of routes from the client.
Windows doesn't work so badly. I can uncheck the flag: "use the primary gateway on the remote network" and force add a static route to the local network.
macOS also forcibly adds a default gateway for the IKEv2 connection.
Although when using L2TP, you can remove the "Send all traffic via VPN" flag. And when using IKEv2, there is no such possibility in the graphical interface.
Hence the question: How can I remove the permanent default route change OR automatically set the "I" flag for the route being added for the IKEv2 connection in macOS instead of the main gateway?
I saw a topic in which there was a reverse error. https://github.com/opnsense/core/issues/2113
Using a similar configuration, I can't reproduce what I need.