[strongSwan] strongswan on centos and ios client
sashka at mail.ru
Fri Jun 29 15:37:55 CEST 2012
I'm new to strongSwan and have run into issues setting up my IPsec VPN
for roaming iOS clients. They need to have access to systems on the LAN
while traveling, and here is what I've got:
LAN 192.168.10.0/24 ---- eth0 192.168.10.231 SERVER 64.xxx.xxx.200 eth1 ---- internet ---- client (iphone)
I have a LAN with the 192.168.10.0/24 range. There is a CentOS 6 server which
has two interfaces: LAN and WAN. It is not a router, it is a dedicated
system for VPN. I've followed guide
After completing the configuration, I'm unable to ping anything. iOS reports
that the VPN connection is established, but I can ping neither the LAN IP of
the VPN server nor the phone IP from the VPN server.
Here is my ipsec.conf:
I have iptables enabled on the system. INPUT is DROP by default,
OUTPUT is ACCEPT by default.
I've added the following rules to my iptables:
-A FIREWALL -i eth1 -p esp -j ACCEPT
-A FIREWALL -i eth1 -p udp -m udp --dport 500 -j ACCEPT
-A FIREWALL -i eth1 -p udp -m udp --dport 4500 -j ACCEPT
-t nat -A POSTROUTING -o eth1 -s 192.168.200.0/24 -j MASQUERADE
So here are my questions:
1. What did I miss in order to set up this VPN connection?
2. When I disconnect with the iOS device, I won't be able to re-connect
unless I restart strongSwan.
3. How can I modify this configuration to allow multiple clients to connect?