<div dir="ltr">Thanks for suggestion.<div>I'm running vpn server on a asus router (RT-AC66U, custom FW - Merlin build) and "ip forward" is already enabled<div><p style="margin:0px;font-size:11px;font-family:Menlo">
cat /proc/sys/net/ipv4/ip_forward</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">1</p></div><div><br></div><div>If I execute iptables command, I get:</div><div><p style="margin:0px;font-size:11px;font-family:Menlo">iptables -A POSTROUTING -t NAT -j SNAT --to-source 192.168.0.10</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">iptables v1.3.8: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">Perhaps iptables or your kernel needs to be upgraded.</p></div><div><br></div><div>Looks like I'm missing some modules.</div><div>I've checked NAT Passthrough settings in router administration console and it's enabled for:</div>
<div><div>PPTP Passthrough<span class="" style="white-space:pre"> </span></div><div>L2TP Passthrough<span class="" style="white-space:pre"> </span></div><div>IPSec Passthrough<span class="" style="white-space:pre"> </span></div>
<div>RTSP Passthrough<span class="" style="white-space:pre"> </span></div><div>H.323 Passthrough<span class="" style="white-space:pre"> </span></div><div>SIP Passthrough</div></div><div><br></div><div>Any other suggestions ? </div>
<div><br></div><div>Another thing, when I start ipsec, I get following message:</div><div><p style="margin:0px;font-size:11px;font-family:Menlo"> ipsec start</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">Starting strongSwan 5.0.4 IPsec [starter]...</p>
<p style="margin:0px;font-size:11px;font-family:Menlo"> '/lib/modules/<a href="http://2.6.22.19/kernel/net/ipv4/xfrm4_tunnel.ko">2.6.22.19/kernel/net/ipv4/xfrm4_tunnel.ko</a>': unknown symbol in module, or unknown parameter<br>
</p>
<p style="margin:0px;font-size:11px;font-family:Menlo"><br></p></div><div>But server starts anyway. Should I ignore this error ? </div><div><br></div><div>L</div><div><br></div></div></div><div class="gmail_extra"><br><br>
<div class="gmail_quote">On Sun, Nov 3, 2013 at 5:20 AM, Lawrence Chiu <span dir="ltr"><<a href="mailto:Lawrence_Chiu_TX3@yahoo.com" target="_blank">Lawrence_Chiu_TX3@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>I had a similar problem when I got
started with Strongswan. I could connect to the VPN, but couldn't
browse anything. I fixed it with this:<br>
<a href="http://superuser.com/questions/648283/strongswan-ipsec-vpn-for-windows-7-road-warrior-config" target="_blank">http://superuser.com/questions/648283/strongswan-ipsec-vpn-for-windows-7-road-warrior-config</a><div>
<div class="h5"><br>
<br>
On 11/2/2013 1:32 PM, Luka wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hi.
<div>Can someone help me with strong swan configuration. I would
like to access home network from my iPhone.</div>
<div>I've setup config(certificates, etc...), following this
guide:</div>
<div><a href="http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)</a><br>
</div>
<div><br>
</div>
<div>I can connect to VPN from iPhone, but I can't access home
network or internet.</div>
<div>My home network has following settings:</div>
<div>Subnet mask: 255.255.255.0</div>
<div>Router ip(local ip of vpn server): 192.168.2.1</div>
<div>Other devices ip range is 192.168.2.X</div>
<div>ipsec.conf file:</div>
<div><br>
</div>
<div>
<p style="margin:0px;font-size:11px;font-family:Menlo">conn
ios </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
keyexchange=ikev1 </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
authby=xauthrsasig </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
xauth=server </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
left=%defaultroute </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
leftcert=serverLupoCert.pem </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
right=%any </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
rightsubnet=<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>
</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
rightsourceip=10.0.0.2 </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
rightcert=clientCert.pem </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">
auto=add </p>
<p style="margin:0px;font-size:11px;font-family:Menlo"><span style="font-family:arial;font-size:small"><br>
</span></p>
<p style="margin:0px">
I probably need to change left/right subnet and source IPs
? </p>
<p style="margin:0px"><br>
</p>
<p style="margin:0px">Thanks</p>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre><div class="im">_______________________________________________
Users mailing list
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>
</div><a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>