[strongSwan] dns problem when using the dhcp plugin
Simon Deziel
simon.deziel at gmail.com
Tue Dec 9 20:30:26 CET 2014
On 12/09/2014 02:24 PM, Hasse Hagen Johansen wrote:
> So I have these rules:
>
> Chain zone_wan (1 references)
> target           prot opt source               destination
> ACCEPT           udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
> ACCEPT           icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 8
> ACCEPT           udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:500
> ACCEPT           udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:4500
> ACCEPT           tcp  --  192.168.100.50       0.0.0.0/0            tcp dpt:53
> ACCEPT           udp  --  192.168.100.50       0.0.0.0/0            udp dpt:53
> input_wan        all  --  0.0.0.0/0            0.0.0.0/0
> zone_wan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0
>
> I did this as a quick fix because I couldn't figure out how to match the
> vpn client as source. Is there any way to match packages coming from
> the vpn clients?
Yes, try "-m policy --dir in --pol ipsec" as the matching criterion. You
can also combine it with other criteria.
HTH,
Simon
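
The suggestion above applied to the two source-based DNS rules in the quoted listing, as an added example that is not part of the original thread. It prints the iptables commands rather than running them; the chain name and old source address come from the listing, while `VPN_POOL` and the function names are assumptions made for illustration. With the policy match, a plaintext packet on the WAN side that merely carries that source address no longer matches the DNS rules.

```shell
#!/bin/sh
# Added example, not from the thread. Prints commands only;
# review the output, then pipe it to sh as root to apply.
CHAIN="${CHAIN:-zone_wan}"              # chain from the quoted listing
OLD_SRC="${OLD_SRC:-192.168.100.50}"    # source the quick-fix rules matched
VPN_POOL="${VPN_POOL:-}"                # assumed, optional: client address pool

# Criterion from the reply: match only packets that came in through
# an inbound IPsec policy, i.e. were decapsulated from the tunnel.
ipsec_match() {
    m="-m policy --dir in --pol ipsec"
    # "Combine it with other criteria": also pin the source range if given.
    if [ -n "$VPN_POOL" ]; then
        m="-s $VPN_POOL $m"
    fi
    printf '%s' "$m"
}

# Emit the rule swap for DNS over one protocol (udp or tcp).
dns_rule_cmds() {
    proto="$1"
    # Insert the policy-based rule at the top first, so it sits ahead of
    # zone_wan_REJECT and DNS keeps working during the swap.
    printf 'iptables -I %s 1 -p %s -m %s --dport 53 %s -j ACCEPT\n' \
        "$CHAIN" "$proto" "$proto" "$(ipsec_match)"
    # Then delete the rule that trusted the source address alone.
    printf 'iptables -D %s -s %s -p %s -m %s --dport 53 -j ACCEPT\n' \
        "$CHAIN" "$OLD_SRC" "$proto" "$proto"
}

all_cmds() {
    dns_rule_cmds udp
    dns_rule_cmds tcp
}

all_cmds
```
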