<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">You are missing a kernel module so that
is definitely a problem. I suggest you read this:<br>
<a
href="http://www.smallnetbuilder.com/forums/showthread.php?t=12916">http://www.smallnetbuilder.com/forums/showthread.php?t=12916</a><br>
<br>
<br>
On 11/3/2013 4:30 AM, Luka wrote:<br>
</div>
<blockquote
cite="mid:CAD5z2yphjW_0HHyBQxzwkh5xLrPNPOQpBa8OrB=UNhYLRzKgsw@mail.gmail.com"
type="cite">
<div dir="ltr">Thanks for suggestion.
<div>I'm running vpn server on a asus router (RT-AC66U, custom
FW - Merlin build) and "ip forward" is already enabled
<div>
<p style="margin:0px;font-size:11px;font-family:Menlo">
cat /proc/sys/net/ipv4/ip_forward</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">1</p>
</div>
<div><br>
</div>
<div>If I execute iptables command, I get:</div>
<div>
<p style="margin:0px;font-size:11px;font-family:Menlo">iptables
-A POSTROUTING -t NAT -j SNAT --to-source 192.168.0.10</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">iptables
v1.3.8: can't initialize iptables table `NAT': Table does
not exist (do you need to insmod?)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">Perhaps
iptables or your kernel needs to be upgraded.</p>
</div>
<div><br>
</div>
<div>Looks like I'm missing some modules.</div>
<div>I've checked NAT Passthrough settings in router
administration console and it's enabled for:</div>
<div>
<div>PPTP Passthrough<span class="" style="white-space:pre">
</span></div>
<div>L2TP Passthrough<span class="" style="white-space:pre">
</span></div>
<div>IPSec Passthrough<span class="" style="white-space:pre">
</span></div>
<div>RTSP Passthrough<span class="" style="white-space:pre">
</span></div>
<div>H.323 Passthrough<span class="" style="white-space:pre">
</span></div>
<div>SIP Passthrough</div>
</div>
<div><br>
</div>
<div>Any other suggestions ? </div>
<div><br>
</div>
<div>Another thing, when I start ipsec, I get following
message:</div>
<div>
<p style="margin:0px;font-size:11px;font-family:Menlo"> ipsec
start</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">Starting
strongSwan 5.0.4 IPsec [starter]...</p>
<p style="margin:0px;font-size:11px;font-family:Menlo"> '/lib/modules/<a
moz-do-not-send="true"
href="http://2.6.22.19/kernel/net/ipv4/xfrm4_tunnel.ko">2.6.22.19/kernel/net/ipv4/xfrm4_tunnel.ko</a>':
unknown symbol in module, or unknown parameter<br>
</p>
<p style="margin:0px;font-size:11px;font-family:Menlo"><br>
</p>
</div>
<div>But server starts anyway. Should I ignore this error ? </div>
<div><br>
</div>
<div>L</div>
<div><br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sun, Nov 3, 2013 at 5:20 AM,
Lawrence Chiu <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:Lawrence_Chiu_TX3@yahoo.com" target="_blank">Lawrence_Chiu_TX3@yahoo.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>I had a similar problem when I got started with
Strongswan. I could connect to the VPN, but couldn't
browse anything. I fixed it with this:<br>
<a moz-do-not-send="true"
href="http://superuser.com/questions/648283/strongswan-ipsec-vpn-for-windows-7-road-warrior-config"
target="_blank">http://superuser.com/questions/648283/strongswan-ipsec-vpn-for-windows-7-road-warrior-config</a>
<div>
<div class="h5"><br>
<br>
On 11/2/2013 1:32 PM, Luka wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hi.
<div>Can someone help me with strong swan
configuration. I would like to access home
network from my iPhone.</div>
<div>I've setup config(certificates, etc...),
following this guide:</div>
<div><a moz-do-not-send="true"
href="http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29"
target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)</a><br>
</div>
<div><br>
</div>
<div>I can connect to VPN from iPhone, but I can't
access home network or internet.</div>
<div>My home network has following settings:</div>
<div>Subnet mask: 255.255.255.0</div>
<div>Router ip(local ip of vpn server):
192.168.2.1</div>
<div>Other devices ip range is 192.168.2.X</div>
<div>ipsec.conf file:</div>
<div><br>
</div>
<div>
<p
style="margin:0px;font-size:11px;font-family:Menlo">conn
ios
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
keyexchange=ikev1
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
authby=xauthrsasig
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
xauth=server
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
left=%defaultroute
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
leftsubnet=<a moz-do-not-send="true"
href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
leftcert=serverLupoCert.pem
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
right=%any
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
rightsubnet=<a moz-do-not-send="true"
href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
rightsourceip=10.0.0.2
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
rightcert=clientCert.pem
</p>
<p
style="margin:0px;font-size:11px;font-family:Menlo">
auto=add </p>
<p
style="margin:0px;font-size:11px;font-family:Menlo"><span
style="font-family:arial;font-size:small"><br>
</span></p>
<p style="margin:0px"> I probably need to change
left/right subnet and source IPs ? </p>
<p style="margin:0px"><br>
</p>
<p style="margin:0px">Thanks</p>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre><div class="im">_______________________________________________
Users mailing list
<a moz-do-not-send="true" href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>
</div><a moz-do-not-send="true" href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>