[strongSwan] Strongswan configuration for iphone <--> home network ipsec connection

Luka Lukapple80 at gmail.com
Sun Nov 3 11:30:21 CET 2013


Thanks for the suggestion.
I'm running the VPN server on an Asus router (RT-AC66U, custom FW - Merlin
build) and "ip forward" is already enabled:

cat /proc/sys/net/ipv4/ip_forward
1

If I execute the iptables command, I get:

iptables -A POSTROUTING -t NAT -j SNAT --to-source 192.168.0.10
iptables v1.3.8: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Looks like I'm missing some modules.
I've checked the NAT Passthrough settings in the router administration
console and it's enabled for:
PPTP Passthrough
L2TP Passthrough
IPSec Passthrough
RTSP Passthrough
H.323 Passthrough
SIP Passthrough

Any other suggestions?

Another thing: when I start ipsec, I get the following message:

ipsec start
Starting strongSwan 5.0.4 IPsec [starter]...
 '/lib/modules/2.6.22.19/kernel/net/ipv4/xfrm4_tunnel.ko': unknown symbol in module, or unknown parameter

But the server starts anyway. Should I ignore this error?

L



On Sun, Nov 3, 2013 at 5:20 AM, Lawrence Chiu
<Lawrence_Chiu_TX3 at yahoo.com> wrote:

>  I had a similar problem when I got started with Strongswan.  I could
> connect to the VPN, but couldn't browse anything.  I fixed it with this:
>
> http://superuser.com/questions/648283/strongswan-ipsec-vpn-for-windows-7-road-warrior-config
>
>
> On 11/2/2013 1:32 PM, Luka wrote:
>
> Hi.
> Can someone help me with strongSwan configuration? I would like to access
> my home network from my iPhone.
> I've set up the config (certificates, etc.), following this guide:
> http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
>
> I can connect to the VPN from the iPhone, but I can't access the home
> network or the internet.
> My home network has the following settings:
> Subnet mask: 255.255.255.0
> Router IP (local IP of VPN server): 192.168.2.1
> Other devices' IP range is 192.168.2.X
> ipsec.conf file:
>
> conn ios
>        keyexchange=ikev1
>        authby=xauthrsasig
>        xauth=server
>        left=%defaultroute
>        leftsubnet=0.0.0.0/0
>        leftcert=serverLupoCert.pem
>        right=%any
>        rightsubnet=10.0.0.0/24
>        rightsourceip=10.0.0.2
>        rightcert=clientCert.pem
>        auto=add
>
>
> I probably need to change the left/right subnet and source IPs?
>
>
>  Thanks