[strongSwan] Routing client traffic

John Charles j.charles at gmx.us
Thu May 2 02:48:09 CEST 2013

I've managed to get my Android VPN to connect to my gateway, but I am not seeing packets be SNATed properly. My SNAT rule is:

iptables -t nat -A POSTROUTING -s -j SNAT --to-source xx.xx.xx.202

My client IP is

[root at basket ipsec.d]# ip route show table 220
via yy.yy.yy.129 dev eth0  proto static

Tcpdump output is below, I'm not seeing the SNAT occur. Any ideas?

[root at basket ipsec.d]# tcpdump -nni any host or host xx.xx.xx.202
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
00:46:21.393068 IP > 40677+ A? www.reddit.com. (32)
00:46:26.302528 IP > 40677+ A? www.reddit.com. (32)
00:46:27.149335 IP > Flags [S], seq 935428732, win 13600, options [mss 1360,sackOK,TS val 31079752 ecr 0,nop,wscale 6], length 0
00:46:29.622721 IP > Flags [S], seq 1595295765, win 13600, options [mss 1360,sackOK,TS val 31080059 ecr 0,nop,wscale 6], length 0

-- John Charles
