[strongSwan] dns problem when using the dhcp plugin
Hasse Hagen Johansen
hasse-strongswan at hagenjohansen.dk
Tue Dec 9 20:51:54 CET 2014
Thanks Simon
I just found that on serverfault :) That must be the solution (and maybe
defining a special "vpn zone" would be nicer, I think)
Best Regards
Hasse
On 09/12/14 at 20:30, Simon Deziel wrote:
> On 12/09/2014 02:24 PM, Hasse Hagen Johansen wrote:
>> So I have these rules:
>>
>> Chain zone_wan (1 references)
>> target           prot opt source           destination
>> ACCEPT           udp  --  0.0.0.0/0        0.0.0.0/0     udp dpt:68
>> ACCEPT           icmp --  0.0.0.0/0        0.0.0.0/0     icmp type 8
>> ACCEPT           udp  --  0.0.0.0/0        0.0.0.0/0     udp dpt:500
>> ACCEPT           udp  --  0.0.0.0/0        0.0.0.0/0     udp dpt:4500
>> ACCEPT           tcp  --  192.168.100.50   0.0.0.0/0     tcp dpt:53
>> ACCEPT           udp  --  192.168.100.50   0.0.0.0/0     udp dpt:53
>> input_wan        all  --  0.0.0.0/0        0.0.0.0/0
>> zone_wan_REJECT  all  --  0.0.0.0/0        0.0.0.0/0
>>
>> I did this as a quick fix because I couldn't figure out how to match the
>> vpn client as source. Is there any way to match packages coming from
>> the vpn clients?
> Yes, try "-m policy --dir in --pol ipsec" as the matching criterion. You
> can also combine it with other criteria.
>
> HTH,
> Simon
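The matching criterion suggested in the quoted reply, written out as rules for the zone_wan chain from the listing. This is an added example, not part of the original thread. The function names and the APPLY switch are hypothetical, and the optional source argument shows the "combine it with other criteria" case.

```shell
#!/bin/sh
# Added example (not from the thread): accept DNS only from packets that
# arrived through an inbound IPsec policy, instead of matching a client
# source address on the WAN zone.
# Assumptions: chain name, port and address come from the listing in the
# thread; run_or_print, vpn_dns_rules and APPLY are hypothetical names.

# run_or_print: print the command by default; execute it when APPLY=1.
run_or_print() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# vpn_dns_rules CHAIN [SOURCE]
#   CHAIN  - chain to insert into (zone_wan in the thread)
#   SOURCE - optional extra criterion, e.g. a client address or pool
vpn_dns_rules() {
    chain=$1
    src=${2:-}
    for proto in tcp udp; do
        # -I inserts at the top of the chain, ahead of the final
        # zone_wan_REJECT jump; an appended rule would never be reached.
        set -- iptables -I "$chain" -p "$proto" --dport 53
        # The policy match is true only for packets that were decapsulated
        # under an inbound IPsec policy, so cleartext WAN traffic that
        # merely uses the client's address does not match.
        set -- "$@" -m policy --dir in --pol ipsec
        [ -n "$src" ] && set -- "$@" -s "$src"
        set -- "$@" -j ACCEPT
        run_or_print "$@"
    done
}

# Dry run: prints the two commands without touching the firewall.
vpn_dns_rules zone_wan
```

Run with APPLY=1 as root to apply the rules. The two source-address ACCEPT rules for port 53 in the listing can then be deleted.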