[strongSwan] Routing and firewalling
ulrich.schinz at ksfh.de
Fri Aug 9 11:36:29 CEST 2013
I set up a strongSwan server. So far authentication is working
(cert-based and radius-auth as well).
Now I'd like to have a setup where I can use the VPN connection to
establish connections to the internet.
Background: our students can access "protected" areas of libraries,
where they can download ebooks for example.
Access control on the side of the libraries is the sender's IP address. So I'd
like to have the students connected to
our VPN and then have internet traffic routed through vpn->internal
network->outer IP (registered with libraries)->internet....
Clients are Win7/8/XP...
In my server configuration I have configured leftsubnets to let the users
enter parts of our subnets. This is working very well.
Only... I can't access the Internet.
Some details of my configuration:
rightid="DC=de, DC=myhighschool, O=The official name of our
highschool, OU=Some add Info, CN=*"
My rightsourceips are masqueraded on the vpn-server, so that the
firewall only needs configuration for our vpn-server.
Maybe you can give me some hints how to manage the access to other IPs
than defined in leftsubnet. FYI, I also tried leftsubnet 0.0.0.0...
I'd like to set up firewalling based on the rightsourceips. So I can
define multiple conns with different rightsourceips. Depending on these
IPs I'd like to set up firewall rules on my vpn-server.
I found a script which is being called on every connection with the
Before I start to study this script my question is: what is the "wanted"
way to get this script managed? Should I directly edit this script, or are
there external resources that can be configured or....?
Thanks for your help in advance