[strongSwan] specific strongswan vpn server configuration for nfs mounts?

Cindy Moore ctmoore at cs.ucsd.edu
Mon Sep 22 23:34:18 CEST 2014


Hello, all.  I'm testing the ability of my strongswan vpn connection
to nfs mount across the connection and am running into some issues.

The exports (on a separate server, nfs-server) are set up to export the
directory to the vpn virtual address.  This has been tested
independently with an extra server assigned that address (call it
1.2.3.102) -- nfs mounting was fine.

So I removed the test machine from the network, and set up the vpn
connection with a vpn client, which gives me a tun0 with 1.2.3.102 as
the listed address when I verify on the vpn client with ifconfig. (I
can also ssh to other machines in our private networks from the vpn
client while the vpn connection is running.)

The strongSwan server is running Ubuntu 14.04 with strongSwan from the
repository; the client is running Ubuntu 14.04 with
network-manager-strongswan installed. nfs-server is another 14.04
installation.

When I attempt to mount the directory on the client

    sudo mount nfs-server.example.com:/home/moi /mnt

I get

    access denied by server while mounting nfs-server.example.com:/home/moi

on nfs-server's /var/log/syslog

    Sep 22 13:49:03 nfs-server rpc.mountd[1069]: refused mount request from <vpn server ip address> for /nfs-server/users/moi (/): not exported

So it seems the request is being made "from" vpn.example.com and not
"from" 1.2.3.102.

I suspect this is because vpn.example.com is natting the addresses
this way, but I'm not sure if there's an alternative configuration on
the vpn server to handle this?  I really didn't find anything specific
about handling nfs over vpn at the strongswan wiki.

Any thoughts appreciated,
--Cindy

