[strongSwan] (VPNServer == <NAT> === router ==== internet === VPN Client ) getting failed / not able to establish the connection.
ramakanth.varala at gmail.com
Sat Dec 8 19:05:55 CET 2012
I was able to get them working; the changes were in ipsec.conf and ipsec.psk.
I have some generic questions related to strongSwan and iptables.
I am using the "Linux strongSwan U4.6.1/K2.6.39" version.
Following are my queries.
My Strongswan is running behind a router.
The box where the strongSwan server is currently running does not have any iptables rules
as such now.
Currently I am using a DNAT for ports 4500 and 500 in PREROUTING and an SNAT for
ports 4500 and 500 in the POSTROUTING chain of the nat table on my router.
Do I need to have any other rules to be applied here on my router apart
Do I need to apply any rules like the ones below on my router?
Here 192.168.1.0/24 is my LAN Subnet and 10.10.15.8 is my WAN IP.
-A INPUT -s 192.168.1.0/24 -i eth4 -m mark --mark 0x8/0x8 -j ACCEPT
-A INPUT -s 10.10.15.8/32 -i eth4 -p ipv6-crypt -j ACCEPT
2) Is there any provision for applying the iptables rules on my router
through the strongSwan configuration?
3) Are there any specific precautions I need to take in my case?
Your comments would be highly appreciated and would help me immensely.
Thanks and Regards
On Wed, Dec 5, 2012 at 12:23 AM, ramakanth varala <
ramakanth.varala at gmail.com> wrote:
> Hello all,
> I am a bit new to IPsec VPN and trying to figure out how I can run this
> VPN server on my dual-core board.
> The first board is ARM with 10.10.16.8 (WAN) as its interface; the second
> interface on the same board is 192.168.1.1.
> The second board is Atom running on 192.168.1.254.
> The VPN server runs on the Atom, and I kept a DNAT at the ARM using iptables rules to
> forward all packets for 10.10.16.8:500 and 10.10.16.8:4500 to 192.168.1.254:500 and
> Here is a typical block diagram with IPs.
> Here all IPs can ping each other.
> router (10.90.200.1) ======= dual core board ( Wan board 10.10.15.8 |
> Lan board 192.168.1.254)
> ||=============== LAN PC (10.90.200.2)
> My ipsec.conf is like below:
> # cat /var/etc/ipsec/ipsec.conf
> config setup
> conn %default
> conn host-host
> The error I see in /var/pluto.txt is like below when I initiate a
> connection from the remote IPsec client at the LAN PC:
> | peer: 0a 5a c8 02
> | state hash entry 27
> | state object not found
> packet from 10.90.200.2:4500: Quick Mode message is for a non-existent
> | next event EVENT_REINIT_SECRET in 3397 seconds
> Can you please guide me where I am going wrong.
> Your help would be highly appreciated.
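As an added example (not from this post, and not part of strongSwan itself), the script below generates the router-side iptables rules that the question describes: DNAT of IKE (UDP/500) and NAT-T (UDP/4500) from the WAN address to the strongSwan server on the LAN, matching FORWARD rules, and SNAT of the replies back to the WAN address. It also forwards raw ESP (IP protocol 50, listed in /etc/protocols both as "esp" and under the legacy name "ipv6-crypt" used in the post) for peers that do not negotiate NAT-T; with NAT-T the ESP is carried inside UDP/4500 and that rule is simply never hit. The WAN interface, WAN address, LAN subnet and server address are taken from the post; the LAN interface name eth0 is an assumption. By default the script only prints the rules; run it with MODE=apply to execute them.

```shell
#!/bin/sh
# Router-side NAT/forwarding rules for a strongSwan server behind NAT.
# Values below are assumptions taken from the mailing-list post; override via environment.
WAN_IF="${WAN_IF:-eth4}"               # WAN-facing interface (from the post)
WAN_IP="${WAN_IP:-10.10.15.8}"         # public/WAN address of the router
LAN_IF="${LAN_IF:-eth0}"               # ASSUMPTION: LAN-facing interface name
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # LAN subnet
VPN_SERVER="${VPN_SERVER:-192.168.1.254}"  # strongSwan host on the LAN
MODE="${MODE:-print}"                  # print = show rules, apply = run iptables

# Emit a single rule: either print the iptables command or execute it.
rule() {
    if [ "$MODE" = "apply" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

ipsec_forward_rules() {
    # IKE (UDP/500) and NAT-T (UDP/4500) arriving at the WAN address are
    # redirected to the VPN server and allowed through FORWARD.
    for port in 500 4500; do
        rule -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p udp --dport "$port" \
            -j DNAT --to-destination "$VPN_SERVER:$port"
        rule -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p udp -d "$VPN_SERVER" \
            --dport "$port" -j ACCEPT
    done

    # Raw ESP (protocol 50) for peers without NAT-T: DNAT by protocol, no ports.
    rule -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p esp \
        -j DNAT --to-destination "$VPN_SERVER"
    rule -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p esp -d "$VPN_SERVER" -j ACCEPT

    # Replies from the server (and other LAN traffic) leave with the WAN address.
    rule -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$WAN_IP"
    rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Let conntrack pass the return half of every forwarded flow.
    rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Number of rules the generator produces (cheap sanity check in print mode).
count_rules() {
    MODE=print ipsec_forward_rules | wc -l | tr -d ' '
}

# Entry point: print (default) or apply the rule set.
ipsec_forward_rules
```

Note that the DNAT alone is not enough if the router's FORWARD chain has a DROP policy, which is why the script pairs every DNAT with a FORWARD accept. With NAT-T in use the UDP/4500 rules carry both IKE and ESP, so a working tunnel only needs the UDP rules; the ESP rule exists for the case of a peer that refuses NAT traversal.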