[strongSwan] Can connect to strongSwan, but can't access local network and internet
Luka Hlastec
luka.hlastec at gmail.com
Sun Dec 28 19:38:41 CET 2014
Hi.
I've some problems with strongSwan - I can connect to the server (strongSwan
v5.0.4, IKEv1, using certificates) with my iPhone (iOS8), but I can't access
the local network or internet.
I'm using the following config file:
###########
#ipsec.conf - strongSwan IPsec configuration file
config setup
    uniqueids=never
    charondebug="cfg 2, dmn 2, ike 2, net 2, ike 1"

conn ios
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    #
    #LEFT(SERVER)
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    leftcert=vpnHostCert.pem
    #
    #RIGHT(CLIENT)
    right=%any
    rightsubnet=10.0.0.0/24
    rightsourceip=10.0.0.0/24
    rightcert=ClientCert.pem
    dpdaction=clear
    auto=add
###########END
LAN subnet: 192.168.2.x
WAN IP: 86.158.x.x
My LAN is behind a firewall (192.168.2.1) - I've set up a port redirect (IPsec
ports - UDP 500 and 4500) to the strongSwan server (Raspberry Pi,
192.168.2.102).
I've also set the following on the Raspberry Pi:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
Status of connection:
>ipsec status
Security Associations (1 up, 0 connecting):
ios[1]: ESTABLISHED 38 seconds ago, 192.168.2.102[C=CH, O=strongSwan, CN=86.158.x.x]...188.198.x.x[C=CH, O=strongSwan, CN=xxx.xxx at gmail.com]
ios{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: c5dd1b9d_i 069cc5f0_o
ios{1}: 0.0.0.0/0 === 10.0.0.1/32
Can someone help me with iptables settings? How do I set it up so that strongSwan
clients will be able to access the LAN subnet?
Thanks
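
Added example, not part of the original post: clients receive virtual IPs from 10.0.0.0/24 (`rightsourceip`), so hosts on 192.168.2.x and the upstream router have no route back to them unless the gateway source-NATs that pool or a static route is added. The sketch below prints the two NAT rules described in strongSwan's forwarding documentation and checks a saved ruleset for their presence and order; the interface name `eth0`, the function names and the sample ruleset are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. POOL is the rightsourceip range
# from the posted ipsec.conf; IFACE (eth0) is an assumed interface name.
POOL="${POOL:-10.0.0.0/24}"
IFACE="${IFACE:-eth0}"

# Print the two NAT rules for review; nothing is applied to the system.
# The policy-match ACCEPT keeps IPsec-protected traffic from being NATed
# and therefore has to come before the MASQUERADE rule.
nat_rules() {
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -m policy --dir out --pol ipsec -j ACCEPT\n' "$1" "$2"
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$1" "$2"
}

# Read `iptables-save -t nat` output on stdin and report on the pool's rules.
# Prints: ok | missing-masquerade | missing-exemption | exemption-after-masquerade
check_nat() {
    awk -v pool="$1" -v ifc="$2" '
        $1 == "-A" && $2 == "POSTROUTING" && index($0, "-s " pool " ") && index($0, "-o " ifc " ") {
            n++
            if ($0 ~ /--pol ipsec/ && $0 ~ /-j ACCEPT$/ && !ex) ex = n
            if ($0 ~ /-j MASQUERADE$/ && !mq) mq = n
        }
        END {
            if (!mq) print "missing-masquerade"
            else if (!ex) print "missing-exemption"
            else if (ex > mq) print "exemption-after-masquerade"
            else print "ok"
        }'
}

# Constructed sample ruleset with the two rules in the wrong order.
sample_ruleset() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
EOF
}

nat_rules "$POOL" "$IFACE"
sample_ruleset | check_nat "$POOL" "$IFACE"
```

On the gateway, pipe `iptables-save -t nat` into `check_nat` in place of the sample ruleset.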