[strongSwan] One-way tunnel
jan.vejvalka at datim.cz
Tue Jan 18 00:28:56 CET 2011
the issue is resolved:
besides routing via IPSec to the remote network, my box also serves as
the default gateway from my private network to the outside world.
Therefore, there is a masquerading rule in the POSTROUTING chain.
    iptables -t nat -A POSTROUTING -o extiface -j MASQUERADE
    iptables -t nat -A POSTROUTING -o extiface -j SNAT --to mypublicip
did the job.
Thanks to all who helped,
On 12.1.2011 7:01, Jan Vejvalka wrote:
> Hi *,
> I'm new to strongSwan, trying to set it up to work with Cisco 7206VXR
> to tunnel communication between networks on both sides, on IPv4 with
> IKEv1, PSK.
> With iptables, I monitor packets on my box.
> Pings from the remote network to my local network come through and get
> responded: esp in, echo-request forwarded, echo-reply forwarded, esp
> Pings in the opposite direction never make it: the echo-request is
> forwarded, but no esp packet is sent out and the ping packet goes
> further to the default gateway.
> My configuration follows the one at
> I'm using kernel 188.8.131.52, everything else is Slackware 13.1.
> Any hint/help is much welcome.
> Many thanks,
> This is my ipsec.conf:
> config setup
> conn net-net
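An added example, not part of the original thread and not strongSwan's own code: a check for the interaction the message describes, where a source-NAT rule in the nat POSTROUTING chain also applies to traffic meant for the tunnel. It uses the iptables `policy` match as the exemption, which is a different approach from the rule change reported above; `extiface` is the message's placeholder interface name, and the sample rulesets and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` text on stdin and prints every
# MASQUERADE/SNAT rule in nat/POSTROUTING that a packet reaches before any
# IPsec policy exemption. Rule order matters: the first matching rule wins.
# Simplification: an exemption is counted whatever interface it names.
unexempted_nat_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }      # table header: *nat, *filter, ...
        table != "nat" { next }
        !/^-A POSTROUTING / { next }
        /-m policy/ && /--dir out/ && /--pol ipsec/ && /-j ACCEPT/ { exempt = 1; next }
        /-j (MASQUERADE|SNAT)/ && !exempt { print }
    '
}

# Constructed sample rulesets (not taken from the thread).
sample_nat_only() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o extiface -j MASQUERADE
COMMIT
EOF
}
sample_exempt_first() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -o extiface -j MASQUERADE
COMMIT
EOF
}
sample_exempt_late() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o extiface -j SNAT --to-source 192.0.2.10
-A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
EOF
}

for s in sample_nat_only sample_exempt_first sample_exempt_late; do
    printf '%s: %s\n' "$s" "$($s | unexempted_nat_rules)"
done
```

On a live gateway the same function can be fed with `iptables-save -t nat | unexempted_nat_rules`; an empty result means every source-NAT rule in POSTROUTING sits behind an exemption.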