[strongSwan] Routing client traffic

John Charles j.charles at gmx.us
Thu May 2 02:48:09 CEST 2013


I've managed to get my Android VPN to connect to my gateway, but I am not seeing packets being SNATed properly. My SNAT rule is:

iptables -t nat -A POSTROUTING -s 192.168.120.0/24 -j SNAT --to-source xx.xx.xx.202

My client IP is 192.168.120.1

[root@basket ipsec.d]# ip route show table 220
192.168.120.1 via yy.yy.yy.129 dev eth0  proto static 

Tcpdump output is below; I'm not seeing the SNAT occur. Any ideas?

[root@basket ipsec.d]# tcpdump -nni any host 192.168.120.1 or host xx.xx.xx.202
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
00:46:21.393068 IP 192.168.120.1.25066 > 198.224.190.135.53: 40677+ A? www.reddit.com. (32)
00:46:26.302528 IP 192.168.120.1.4050 > 198.224.191.135.53: 40677+ A? www.reddit.com. (32)
00:46:27.149335 IP 192.168.120.1.37460 > 205.251.242.188.443: Flags [S], seq 935428732, win 13600, options [mss 1360,sackOK,TS val 31079752 ecr 0,nop,wscale 6], length 0
00:46:29.622721 IP 192.168.120.1.39478 > 23.62.236.169.80: Flags [S], seq 1595295765, win 13600, options [mss 1360,sackOK,TS val 31080059 ecr 0,nop,wscale 6], length 0




-- John Charles



