[strongSwan] Routing Policies with IPTABLES not working
Martin Willi
martin at strongswan.org
Fri Dec 7 10:07:04 CET 2012
Hi Adrian,

> Why is it so difficult to get these packets flowing from the tunnel to
> the private network? I thought the certain commands were to add rules
> in to the IPtables and remove them when the tunnel is torn down.

Unless you have a firewall with default DROP policies, you don't need
any iptables entries. If you have a restrictive firewall, I'd recommend
opening it for testing and, once it works, having a look at the
leftfirewall ipsec.conf option.

* Do you have IP forwarding enabled on the VPN gateway?
  (/proc/sys/net/ipv4/ip_forward)
* Do you have a proper route on the gateway for the private
  network?
* Do the hosts on the network have a proper route over the gateway
  to the virtual IPs you assign?

If this all looks OK, I'd try to analyze which packets get dropped (from
VPN clients to your private network, or from your private network to the
VPN clients?).

Regards
Martin
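
The checks from the message above (forwarding sysctl, FORWARD chain default policy, route lookup) as an added shell example; it is not part of the original message or of strongSwan. The function names are hypothetical, and `route_for` does a longest-prefix match over `ip -4 route show` output from the main table only.

```shell
#!/bin/sh
# Added example: gateway checks for "tunnel is up but no traffic flows".

# forwarding_enabled [FILE]: succeeds when the ip_forward sysctl file holds 1.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# forward_policy: reads `iptables -S FORWARD` output on stdin and prints the
# chain's default policy (ACCEPT or DROP).
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3 }'
}

# route_for ADDR: reads `ip -4 route show` output on stdin and prints the most
# specific route covering ADDR; exits 1 when no route (not even default) matches.
# Lines that do not start with a prefix or "default" (blackhole etc.) are skipped.
route_for() {
    awk -v addr="$1" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { a = ip2int(addr); best = -1 }
    {
        if ($1 == "default") { net = 0; len = 0 }
        else if ($1 ~ /^[0-9.]+(\/[0-9]+)?$/) {
            n = split($1, p, "/")
            net = ip2int(p[1])
            len = (n == 2) ? p[2] + 0 : 32      # bare address is a host route
        } else next
        size = 2 ^ (32 - len)                   # addresses per prefix
        if (int(a / size) == int(net / size) && len > best) {
            best = len; line = $0
        }
    }
    END { if (best < 0) exit 1; print line }'
}

# gateway_report ADDR: live run on the gateway (iptables needs root).
# ADDR is a host in the private network, or a virtual IP when run on a LAN host.
gateway_report() {
    if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: OFF"; fi
    echo "FORWARD policy: $(iptables -S FORWARD | forward_policy)"
    ip -4 route show | route_for "$1" || echo "no route to $1"
}
```

On a host in the private network, piping its own `ip -4 route show` into `route_for` with one of the assigned virtual IPs shows whether replies actually go back via the VPN gateway.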