[strongSwan] ipsec to VPS

Noel Kuntze noel at familie-kuntze.de
Sun Dec 7 19:18:53 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Eric,

Please check if any iptables rules are dropping the packets. Also, please make sure any SNAT
or MASQUERADE rule does not match the traffic that is to be tunneled.

You can do that using the "policy" match module in iptables.
The following MASQUERADE rule matches all traffic except IPsec traffic

iptables -t nat -A POSTROUTING -o eth0 -m policy --pol none --dir out -j MASQUERADE

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 07.12.2014 um 13:30 schrieb Eric Y. Zhang:
> Hi all
> I need to setup an IPSec tunnel to my VPS which only has one public IP.
> so I add eth0.1 192.168.87.1/24 <http://192.168.87.1/24>, and follow  the steps on http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/; and I can see ipsec tunnel is up on both sides.
>
>  unabove[7]: ESTABLISHED 39 minutes ago, 192.168.88.101[user1]...192.99.70.158[192.99.xx.xx]
>     runabove{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c7f24174_i c2289fb5_o
>     runabove{1}:   192.168.88.0/24 <http://192.168.88.0/24> === 192.168.87.0/24 <http://192.168.87.0/24>
>
> but I can not ping 192.168.87.1 from my side(which is strongswan on openwrt)
>
> any help would be appreciated
>
>
>
> --
> Life is harsh
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUhJoMAAoJEDg5KY9j7GZYjlAP/izs4iLIFDBLCdt+blwmhRO8
ZsdxZBRkHVuT24iT+EVNr5E5y3rXqpEIdYVbd7rn7Q/itoAD7WyxDc85q1Y26JXE
Bg0E1FwdXc3Z4SU2+xsNBho2VKYRkft0twlDNGYIo3YyZlBMpOeD8lEPhwwJkKzX
9V/pCO3wSb9vUyF/AxvxQKjFJM52Bn2OSA6TStiX8Ube8Tj4HfFlIYmVe2fHu2Vh
vUu6d7+YPDwGizxZX50kD590+ljpLfxlo7LV5dbBhIkWTBHCBAWgs6eo8u6Wr/zf
IwfxLexU+M+RE6pcSKiU+ry6nSJD99JDVVQN7d5AHdM4u4Mv5AKm7+8NA3XUHM6Q
rPb6g9mR2+0uaV7jUTII7Xr7fxBVLmQWgVmiNMIgLlzZauD346zAiIUycGn0U27t
pc5Xxsg+1tr00/4p/82nCQOh8StbSfTDO22sIL/gOhOCfm3fLg3jbsTq6eDSTQUb
+dc2++jKcsK6NGNm2Hm26eP+ncSi30ISnEgCCh/k71XVMOkEuTRzhXeiC3g+qL/C
LblRzRsN9oKLYvZXomqvl8Eihxy9AIXzD9eJ58EUNRRnF0AfM4qBfX3IkhWaUFrW
T6q+u4cB8Y427Gzwd5DZIuqbCdwaaaep7UCpkAsBow4lB+h8SmRSwx8LEFNj7qsW
Lz7dEj5nP8HThugVGSDd
=nSzv
-----END PGP SIGNATURE-----



More information about the Users mailing list