[strongSwan] Strongswan configuration for iphone <--> home network ipsec connection

Sun Nov 3 16:58:07 CET 2013

You are missing a kernel module so that is definitely a problem.  I 
suggest you read this:
http://www.smallnetbuilder.com/forums/showthread.php?t=12916

On 11/3/2013 4:30 AM, Luka wrote:
> Thanks for suggestion.
> I'm running vpn server on a asus router (RT-AC66U, custom FW - Merlin 
> build)  and "ip forward" is already enabled
>
> cat /proc/sys/net/ipv4/ip_forward
>
> 1
>
>
> If I execute iptables command, I get:
>
> iptables -A POSTROUTING -t NAT -j SNAT --to-source 192.168.0.10
>
> iptables v1.3.8: can't initialize iptables table `NAT': Table does not 
> exist (do you need to insmod?)
>
> Perhaps iptables or your kernel needs to be upgraded.
>
>
> Looks like I'm missing some modules.
> I've checked NAT Passthrough settings in router administration console 
> and it's enabled for:
> PPTP Passthrough
> L2TP Passthrough
> IPSec Passthrough
> RTSP Passthrough
> H.323 Passthrough
> SIP Passthrough
>
> Any other suggestions ?
>
> Another thing, when I start ipsec, I get following message:
>
>  ipsec start
>
> Starting strongSwan 5.0.4 IPsec [starter]...
>
>  '/lib/modules/2.6.22.19/kernel/net/ipv4/xfrm4_tunnel.ko 
> <http://2.6.22.19/kernel/net/ipv4/xfrm4_tunnel.ko>': unknown symbol in 
> module, or unknown parameter
>
>
> But server starts anyway. Should I ignore this error ?
>
> L
>
>
>
> On Sun, Nov 3, 2013 at 5:20 AM, Lawrence Chiu 
> <Lawrence_Chiu_TX3 at yahoo.com <mailto:Lawrence_Chiu_TX3 at yahoo.com>> wrote:
>
>     I had a similar problem when I got started with Strongswan.  I
>     could connect to the VPN, but couldn't browse anything.  I fixed
>     it with this:
>     http://superuser.com/questions/648283/strongswan-ipsec-vpn-for-windows-7-road-warrior-config
>
>
>
>     On 11/2/2013 1:32 PM, Luka wrote:
>>     Hi.
>>     Can someone help me with strong swan configuration. I would like
>>     to access home network from my iPhone.
>>     I've setup config(certificates, etc...), following this guide:
>>     http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
>>     <http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29>
>>
>>     I can connect to VPN from iPhone, but I can't access home network
>>     or internet.
>>     My home network has following settings:
>>     Subnet mask: 255.255.255.0
>>     Router ip(local ip of vpn server): 192.168.2.1
>>     Other devices ip range is 192.168.2.X
>>     ipsec.conf file:
>>
>>     conn ios
>>
>>         keyexchange=ikev1
>>
>>         authby=xauthrsasig
>>
>>         xauth=server
>>
>>         left=%defaultroute
>>
>>         leftsubnet=0.0.0.0/0 <http://0.0.0.0/0>
>>
>>         leftcert=serverLupoCert.pem
>>
>>         right=%any
>>
>>         rightsubnet=10.0.0.0/24 <http://10.0.0.0/24>
>>
>>         rightsourceip=10.0.0.2
>>
>>         rightcert=clientCert.pem
>>
>>         auto=add
>>
>>
>>     I probably need to change left/right subnet and source IPs ?
>>
>>
>>     Thanks
>>
>>
>>
>>     _______________________________________________ Users mailing
>>     list Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>>     https://lists.strongswan.org/mailman/listinfo/users
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131103/aae28d57/attachment.html>