[strongSwan] ipsec to VPS

Eric Zhang debiansid at gmail.com
Mon Dec 8 00:24:28 CET 2014


This iptables rule should be on both sides of strongswan gateway and client?


Sent from Mobile


> On December 8, 2014, at 02:18, Noel Kuntze <noel at familie-kuntze.de> wrote:
> 
> 
> Hello Eric,
> 
> Please check if any iptables rules are dropping the packets. Also, please make sure any SNAT
> or MASQUERADE rule does not match the traffic that is to be tunneled.
> 
> You can do that using the "policy" match module in iptables.
> The following MASQUERADE rule matches all traffic except IPsec traffic
> 
> iptables -t nat -A POSTROUTING -o eth0 -m policy --pol none --dir out -j MASQUERADE
> 
> Kind regards,
> Noel Kuntze
> 
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
>> On 07.12.2014 at 13:30, Eric Y. Zhang wrote:
>> Hi all
>> I need to set up an IPSec tunnel to my VPS which only has one public IP.
>> so I add eth0.1 192.168.87.1/24, and follow the steps on http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/; and I can see ipsec tunnel is up on both sides.
>> 
>> unabove[7]: ESTABLISHED 39 minutes ago, 192.168.88.101[user1]...192.99.70.158[192.99.xx.xx]
>>    runabove{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c7f24174_i c2289fb5_o
>>    runabove{1}:   192.168.88.0/24 === 192.168.87.0/24
>> 
>> but I cannot ping 192.168.87.1 from my side (which is strongswan on openwrt)
>> 
>> any help would be appreciated
>> 
>> 
>> 
>> --
>> Life is harsh
>> 
>> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> 
> 
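
The check suggested in the quoted reply, as an added example that is not part of the original thread: a filter over `iptables-save` output that lists nat POSTROUTING SNAT/MASQUERADE rules not restricted with `--pol none`. The function names and the sample ruleset are constructed for illustration, and treating an earlier catch-all `--pol ipsec` ACCEPT rule as an exemption goes beyond the rule shown in the thread.

```shell
#!/bin/sh
# Added example: find NAT rules that can rewrite traffic meant for the tunnel.
# Reads `iptables-save` output on stdin and prints every nat/POSTROUTING
# SNAT or MASQUERADE rule that is not limited to non-IPsec traffic.
find_unexempted_nat() {
    awk '
        # Table header such as "*nat": track the table, reset the exemption.
        /^\*/ { in_nat = ($0 == "*nat"); exempt = 0; next }
        !in_nat || $1 != "-A" || $2 != "POSTROUTING" { next }
        # An earlier catch-all ACCEPT for packets with an outbound IPsec
        # policy ends NAT processing for them, so later rules are harmless.
        /^-A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT$/ {
            exempt = 1; next
        }
        / -j (SNAT|MASQUERADE)( |$)/ {
            if (!exempt && $0 !~ /-m policy .*--pol none/) print
        }
    '
}

# Constructed sample ruleset (not taken from the thread): the first NAT rule
# also matches packets destined for the tunnel, the second one is the
# policy-restricted form given in the reply.
sample_ruleset() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.87.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -m policy --dir out --pol none -j MASQUERADE
COMMIT
EOF
}

# Only the unrestricted MASQUERADE rule is reported.
sample_ruleset | find_unexempted_nat
```

On a live gateway the same filter can be fed with `iptables-save | find_unexempted_nat`; any rule it prints should be checked against the tunnelled subnets.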

