[strongSwan] ipsec to VPS

Noel Kuntze noel at familie-kuntze.de
Mon Dec 8 09:32:47 CET 2014


Hello Eric,

You need to change the rule on the side that has that rule.

Regards,
Noel Kuntze

Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 08.12.2014 at 00:24, Eric Zhang wrote:
> This iptables rule should be on both sides of strongswan gateway and client?
> 
> 
> Sent from Mobile
> 
> 
>> On December 8, 2014, at 02:18, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>
>>
> Hello Eric,
> 
> Please check if any iptables rules are dropping the packets. Also, please make sure any SNAT
> or MASQUERADE rule does not match the traffic that is to be tunneled.
> 
> You can do that using the "policy" match module in iptables.
> The following MASQUERADE rule matches all traffic except IPsec traffic:
> 
> iptables -t nat -A POSTROUTING -o eth0 -m policy --pol none --dir out -j MASQUERADE
> 
> Regards,
> Noel Kuntze
> 
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
>>>> On 07.12.2014 at 13:30, Eric Y. Zhang wrote:
>>>> Hi all
>>>> I need to setup an IPSec tunnel to my VPS which only has one public IP.
>>>> so I add eth0.1 192.168.87.1/24, and follow the steps on http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/; and I can see ipsec tunnel is up on both sides.
>>>>
>>>> runabove[7]: ESTABLISHED 39 minutes ago, 192.168.88.101[user1]...192.99.70.158[192.99.xx.xx]
>>>>    runabove{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c7f24174_i c2289fb5_o
>>>>    runabove{1}:   192.168.88.0/24 === 192.168.87.0/24
>>>>
>>>> but I can not ping 192.168.87.1 from my side (which is strongswan on openwrt)
>>>>
>>>> any help would be appreciated
>>>>
>>>>
>>>>
>>>> --
>>>> Life is harsh
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.strongswan.org
>>>> https://lists.strongswan.org/mailman/listinfo/users
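A way to check a gateway for the problem described in the quoted advice, as an added example that is not part of the original thread: it reads the nat table in `iptables-save` format and prints every POSTROUTING SNAT/MASQUERADE rule that can still match traffic meant for the tunnel. The function names and the sample ruleset are constructed for illustration, and the exemption logic is a heuristic, as noted in the comments.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
# The first rule NATs tunnel-bound traffic; the second is the rule from the reply.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.87.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -m policy --dir out --pol none -j MASQUERADE
COMMIT
EOF
}

# Print each POSTROUTING SNAT/MASQUERADE rule that can still match traffic
# an outbound IPsec policy would tunnel. Reads iptables-save text on stdin.
# A NAT rule is treated as safe if it carries "--pol none", or if an earlier
# POSTROUTING rule ACCEPTs "--pol ipsec" traffic before the NAT rule is reached.
# Heuristic: address and interface matches on that ACCEPT rule are not
# evaluated, so a narrowly scoped exemption is assumed to cover the tunnel.
find_unsafe_nat() {
    awk '
    $1 == "-A" && $2 == "POSTROUTING" {
        target = ""
        for (i = 3; i < NF; i++)
            if ($i == "-j") target = $(i + 1)
        # An earlier ACCEPT for IPsec-policy traffic ends NAT processing for it.
        if (target == "ACCEPT" && $0 ~ /-m policy/ && $0 ~ /--pol ipsec/)
            exempt = 1
        if ((target == "MASQUERADE" || target == "SNAT") && !exempt && $0 !~ /--pol none/)
            print
    }'
}

# On a live gateway (needs root): iptables-save -t nat | find_unsafe_nat
sample_ruleset | find_unsafe_nat
```

Any rule it prints needs the `-m policy --pol none --dir out` match added, or an IPsec-policy ACCEPT rule placed ahead of it.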