[strongSwan] Strongswan VPN on OpenWRT not routing packets

Mirko Parthey mirko.parthey at informatik.tu-chemnitz.de
Mon May 13 17:02:37 CEST 2013


On Mon, May 13, 2013 at 09:03:57AM +1000, Greg Pagendam-Turner wrote:
> I'm running Barrier Breaker version of OpenWRT and I have set up a VPN according
> to: http://wiki.openwrt.org/inbox/strongswan.howto I can connect to the VPN with
> my iPhone or Mac (to 10.10.1.0/24 network). I can also connect from Windows 7.
> An IP is allocated to the client successfully using DHCP.
> Once connected I can't access anything on the network. /etc/firewall.user
> contains:
> 
> iptables -I INPUT  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
> iptables -I FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
> iptables -I FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT
> iptables -I OUTPUT   -m policy --dir out --pol ipsec --proto esp -j ACCEPT
> 
> Any ideas on why packets are not being routed over the vpn?

The "ipsec statusall" command shows byte and packet counters.
This way you can check if any traffic has been processed by IPsec at all.

> Could this be a NAT thing?

Yes, you may have to exempt the VPN traffic from NAT processing.
My setup for a net-to-net scenario on Attitude Adjustment includes these rules:

iptables -t nat -I zone_wan_nat 1 -m policy --pol ipsec --dir out --mode tunnel -j RETURN
iptables -t nat -I zone_wan_prerouting 1 -m policy --pol ipsec --dir in --mode tunnel -j RETURN

Regards,
Mirko
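
Added example, not part of the original message: a small shell helper that applies the counter check suggested above by reading the per-CHILD_SA byte counters out of "ipsec statusall" and labelling each SA by traffic direction. The function names and the sample output (connection name, addresses, SPIs, counters) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout strongSwan 5.x prints for "ipsec statusall";
# the connection name, addresses, SPIs and counters are made up.
sample_status() {
cat <<'EOF'
Security Associations (1 up, 0 connecting):
 roadwarrior[1]: ESTABLISHED 2 minutes ago, 203.0.113.1[gw]...198.51.100.7[client]
 roadwarrior{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c1a2b3c4_i 0d9e8f7a_o
 roadwarrior{1}:  AES_CBC_128/HMAC_SHA1_96, 4216 bytes_i (52 pkts, 3s ago), 0 bytes_o, rekeying in 41 minutes
 roadwarrior{1}:   0.0.0.0/0 === 10.10.1.50/32
EOF
}

# check_counters (hypothetical helper): reads statusall output on stdin and
# prints one line per CHILD_SA: <name> in=<bytes> out=<bytes> <verdict>
#   NO_TRAFFIC  nothing has been processed by IPsec for this SA
#   IN_ONLY     packets are decrypted, but no reply is encrypted on the way out;
#               look at forwarding and NAT handling on the gateway
#   OUT_ONLY    the gateway encrypts, but nothing comes back from the peer
#   BOTH        traffic flows in both directions through the SA
check_counters() {
    awk '
    / bytes_i/ && / bytes_o/ {
        name = $1; sub(/:$/, "", name)      # strip the trailing colon
        in_b = 0; out_b = 0
        for (i = 2; i <= NF; i++) {
            # the counter value is the field just before its label
            if ($i ~ /^bytes_i/) in_b  = $(i - 1) + 0
            if ($i ~ /^bytes_o/) out_b = $(i - 1) + 0
        }
        if (in_b == 0 && out_b == 0) v = "NO_TRAFFIC"
        else if (out_b == 0)         v = "IN_ONLY"
        else if (in_b == 0)          v = "OUT_ONLY"
        else                         v = "BOTH"
        printf "%s in=%d out=%d %s\n", name, in_b, out_b, v
    }'
}

# Demo on the constructed sample above.
sample_status | check_counters
```

On the router itself the same function can be fed live data with "ipsec statusall | check_counters".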



