[strongSwan] Strongswan not writing in iptables
MTDROX Junior
mtdroxjunior at gmail.com
Fri Apr 22 09:33:08 CEST 2016
Hi there,
I've been trying to use Strongswan but unfortunately something is not
working as supposed.
In fact, the tunnel goes UP but no rules are added into iptables although I
set *leftfirewall=yes*
Below are results of some commands and ipsec.conf file:
1- uname
[root@vpn~]# uname -ar
Linux xxx.xxx.xxx 3.14.32-xxxx-grs-ipv6-64 #7 SMP Wed Jan 27 18:05:09 CET 2016 x86_64 x86_64 x86_64 GNU/Linux
2- ip xfrm policy
[root@vpn etc]# ip xfrm policy
src 0.0.0.0/0 dst 0.0.0.0/0
dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir 4 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir 4 priority 0
src ::/0 dst ::/0
dir 3 priority 0
src ::/0 dst ::/0
dir 4 priority 0
src ::/0 dst ::/0
dir 3 priority 0
src ::/0 dst ::/0
dir 4 priority 0
3- ipsec.conf
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    charondebug=" dmn 1, mgr 1, ike 2, chd 1, job 1, cfg 3, knl 2, net 2,enc 1, lib 1"

conn %default
    keyexchange=ikev1
    keyingtries=%forever
    rekeymargin=5m
    type=tunnel
    fragmentation=yes
    dpdaction=restart
    closeaction=restart
    dpddelay=100s
    dpdtimeout=500s
    authby=psk

conn MCIT
    ike=3des-md5-modp1024
    ikelifetime=86400s
    keylife=28800s
    esp=3des-md5-modp1024
    left=xxx.xxx.xxx.xxx
    leftsubnet=172.16.12.0/24
    leftid=172.16.12.4
    leftauth = psk
    leftfirewall=yes
    right=xxx.xxx.xxx.xxx
    rightid=xxx.xxx.xxx.xxx
    rightauth = psk

conn srv
    also=MCIT
    rightsubnet=10.112.13.0/24
    auto=start
Are there any issues with these settings?
Kindly help me find a solution.
Best regards