[strongSwan] VPN proxy for home network

[Ashwin Rao]

Hi,

I would like to tunnel all the traffic in my home network through a VPN
server in EC2, however I am failing to do so.

The scenario is as follows, I have a home-gateway with two interfaces, one
wifi and one wired.
The gateway is connected to Internet via the wired interface, and my laptop
and my desktop device are connect to the gateway via the wifi interface.
The wifi-interface of home network, the laptop, and the desktop are in
subnet 172.17.5.0/24 and all the IPs are statically assigned.

I have created a VPN tunnel between the home gateway and my server in my
office because I want all the traffic generated in my home to traverse
through my office server.

My ipsec.conf on the server in my office is as follows.
---
config setup

conn emulator
  compress=no
  type=tunnel
  auto=add
  keyexchange=ikev2
  left=%defaultroute
  leftid=@server.office.com
  leftsubnet=0.0.0.0/0
  leftcert=servercert.pem
  leftauth=pubkey
  leftfirewall=yes
  rightauth=pubkey
  right=%any
  rightsubnet=172.17.5.0/24
  ikelifetime=999h
  lifetime=985h
  margintime=5h
----


My ipsec.conf on the gateway is as follows
---
config setup

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=2

conn server
  compress=no
  type=tunnel
  auto=add
  keyexchange=ikev2
  left=%defaultroute
  leftid=@gateway
  leftsubnet=172.17.5.0/24
  leftcert=gateway.pem
  leftauth=pubkey
  leftfirewall=yes
  right=server.office.com
  rightauth=pubkey
  rightsubnet=0.0.0.0/0
  ikelifetime=999h
  lifetime=985h
  margintime=5h
---

I am using the default configs for strongswan.conf and charon.conf on my
office server and also on my gateway.

Once the VPN tunnels have been created I can do a wget or ping from my
gateway and I am seeing the traffic on my EC2 server.  However, I am not
able to ping my desktop and laptop from my gateway when the VPN tunnel is
created. I am able to ping them if the VPN tunnel is closed.

The gateway does not perform any NAT and I have flushed all entries from
iptables nat table.

If I close the VPN tunnel then I am able to ping the desktop and laptop
from the gateway. However, if I turn on the VPN tunnel then I am unable to
ping the devices.

Can any one suggest what might be wrong in the configuration, and which
routing rules do I need to add to get this setup working?

Thanks and Regards,
Ashwin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160321/061720db/attachment.html>