[strongSwan] Finally get my win 7 connected to strongSwan, but there's no Internet
    Day Dreamer 
    derrenbrownrocks at gmail.com
       
    Wed Apr 17 14:39:30 CEST 2013
    
    
  
I believe I've followed all the instructions, and my win 7 did get
connected, but there's no Internet.
Background:
Server OS: ubuntu 12.04 on linode xen VPS
strongSwan Version: 4.6.4
configurations in */etc/ipsec.conf :*
config setup
        charonstart=yes
        plutostart=yes
        nat_traversal=yes
        uniqueids=yes
conn ios
        keyexchange=ikev1
        authby=xauthpsk
        xauth=server
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=%any
        rightsubnet=10.11.0.0/24
        rightsourceip=10.11.0.0/24
        pfs=no
        auto=add
conn win7
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftauth=pubkey
    leftcert=serverCert.pem
    leftid="C=CH, O=strongSwan, CN=VPS ip"
    right=%any
    rightsourceip=10.11.1.0/24
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=add
added dns in */etc/strongswan.conf :*
charon {
dns1 = 8.8.8.8
dns2 = 208.67.222.222
...
pluto {
dns1 = 8.8.8.8
dns2 = 208.67.222.222
...
added user in */etc/ipsec.secrets :*
: PSK "mypskpass"
user1 : XAUTH "pass1"
: RSA serverKey.pem
user2 : EAP "pass2"
#include /var/lib/strongswan/ipsec.secrets.inc
added some new rules in */etc/iptables.firewall.rules*
*filter
# Accept IPsec VPN connections
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
-A FORWARD -s 10.11.0.0/24 -j ACCEPT
-A FORWARD -s 10.11.1.0/24 -j ACCEPT
COMMIT
*nat
# Allow IPsec VPN connections
-A POSTROUTING -s 10.11.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.11.1.0/24 -o eth0 -j MASQUERADE
COMMIT
And activated iptables rules:
iptables-restore < /etc/iptables.firewall.rules
Then restarted ipsec:
ipsec restart
Till this point, my iOS can connect to it and everything works all right.
After this I generated certificates for both server and client side,
then converted .pem into .p12 and imported it into win 7.
The good part is win 7 can now connect to my VPS, the bad part is
there's no Internet connection.
I really don't know what part went wrong, would anybody please help me out?
Thanks
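
A consistency check for the configuration quoted above, as an added example that is not part of the original post or of strongSwan: it verifies that every rightsourceip pool in ipsec.conf has a source-matched FORWARD ACCEPT rule and a POSTROUTING MASQUERADE rule in the iptables rules file. The function names and the abridged sample input are constructed for illustration, and rightsourceip is assumed to be an IPv4 CIDR.

```python
import ipaddress
import re

# Constructed sample input: the pool and firewall lines quoted in the post.
IPSEC_CONF = """\
conn ios
        rightsourceip=10.11.0.0/24
conn win7
    rightsourceip=10.11.1.0/24
"""
IPTABLES_RULES = """\
*filter
-A FORWARD -s 10.11.0.0/24 -j ACCEPT
-A FORWARD -s 10.11.1.0/24 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 10.11.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.11.1.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def pools(conf):
    """Map each conn name to its rightsourceip network (CIDR values only)."""
    found, conn = {}, None
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("conn "):
            conn = line.split()[1]
        elif conn and line.startswith("rightsourceip=") and "%" not in line:
            value = line.split("=", 1)[1].strip()
            found[conn] = ipaddress.ip_network(value, strict=False)
    return found

def rule_sources(rules, chain, target):
    """Networks named by '-A <chain> ... -s <net> ... -j <target>' rules."""
    pat = re.compile(rf"-A {chain}\s.*?-s (\S+)\s.*?-j {target}\b")
    hits = (pat.match(l.strip()) for l in rules.splitlines())
    return [ipaddress.ip_network(m.group(1), strict=False) for m in hits if m]

def uncovered(conf, rules):
    """Return {conn: [missing rule kinds]}; rules without -s are not considered."""
    have = {"FORWARD ACCEPT": rule_sources(rules, "FORWARD", "ACCEPT"),
            "POSTROUTING MASQUERADE": rule_sources(rules, "POSTROUTING", "MASQUERADE")}
    gaps = {}
    for conn, net in pools(conf).items():
        missing = [kind for kind, nets in have.items()
                   if not any(net.subnet_of(n) for n in nets)]
        if missing:
            gaps[conn] = missing
    return gaps
```

On the two pools and four rules quoted in the post, uncovered() returns an empty dict.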