[strongSwan] Simple VPN server as default gw setup

Noel Kuntze noel at familie-kuntze.de
Tue May 31 15:06:53 CEST 2016


Hello Geert,

You need to look at your complete iptables rule set (`iptables-save`).
It seems like you're not familiar with it, so learn about it.
And please keep it on the mailing list.

On 31.05.2016 15:02, Geert Geurts wrote:
> OK... that was a bit too early....
> The FORWARD chain had policy ACCEPT, putting a "iptables -A FORWARD
> --reject-with icmp-host-prohibited" brings me back to the previous...
> But I don't get it...
> Bringing up the connection adds 2 rules to the FORWARD chain, one "dir
> in pol ipsec reqid 4 proto esp" and one "dir out pol ipsec reqid 4
> proto esp", even adding a rule for "-s 10.1.0.0/24 -j ACCEPT" doesn't
> seem to catch the traffic...
> Any ideas?
>
>
>
> On Tue, May 31, 2016 at 2:45 PM, Geert Geurts <geert at verweggistan.eu> wrote:
>> > SWEET!!!
>> > iptables -A FORWARD -s 10.1.0.0/24 -j ACCEPT
>> >
>> > Life can be so simple!!!
>> >
>> > Thanks!
>> >
>> > On Tue, May 31, 2016 at 2:41 PM, Geert Geurts <geert at verweggistan.eu> wrote:
>>> >> Hi Noel!
>>> >> Probably you're right!! :D
>>> >> I only don't have an idea how to see this or how to test this. Could
>>> >> you please advise?
>>> >>
>>> >> Thanks!!
>>> >>
>>> >> Regards,
>>> >> Geert
>>> >>
>>> >> On Tue, May 31, 2016 at 2:38 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>>> >>> Hello Geert,
>>>> >>>
>>>> >>> On 31.05.2016 14:29, Geert Geurts wrote:
>>>>> >>>> Problem is trying to ping google.nl from CLIENT, I get a response from
>>>>> >>>> 1.2.3.4 "Destination Host Prohibited".
>>>> >>>
>>>> >>> That looks like your iptables rules prohibit forwarding of IP packets to that host.
>>>> >>>
>>>> >>> Configure your iptables rules correctly and check any firewall you operate on the network path to google.nl.
>>>> >>>
>>>> >>> --
>>>> >>>
>>>> >>> Mit freundlichen Grüßen/Kind Regards,
>>>> >>> Noel Kuntze
>>>> >>>
>>>> >>> GPG Key ID: 0x63EC6658
>>>> >>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>>> >>>
>>>> >>>


-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
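
Added example, not part of the original message and not strongSwan code: one ordering effect worth checking in the `iptables-save` output is that a chain is evaluated top to bottom and the first terminating rule wins, so an ACCEPT appended with -A after an existing REJECT is never reached. The rule sets, the addresses 10.1.0.5 and 8.8.8.8, and the function names are constructed assumptions; only rules made of -s/-d/-j option pairs are modelled.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt (not the poster's real rule set): a REJECT
# already sits in FORWARD and the ACCEPT was appended after it with -A.
APPENDED = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -s 10.1.0.0/24 -j ACCEPT
COMMIT
"""

# Same two rules with the ACCEPT ahead of the REJECT (e.g. after -I FORWARD 1).
INSERTED = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.1.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

MODELLED = {"-s", "-d", "-j", "--reject-with"}

def chain_rules(dump, chain):
    """Return [(position, {option: value})] for one chain, in evaluation order."""
    rules = []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-A", chain]:
            # Simplification: treats the rest of the line as option/value pairs.
            rules.append((len(rules) + 1, dict(zip(tok[2::2], tok[3::2]))))
    return rules

def first_match(dump, src, dst, chain="FORWARD"):
    """First rule whose -s/-d cover the packet; unmodelled rules are skipped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pos, o in chain_rules(dump, chain):
        if "-j" not in o or set(o) - MODELLED:
            continue  # e.g. -m policy / -i / -p: not evaluated by this sketch
        if (s in ipaddress.ip_network(o.get("-s", "0.0.0.0/0"), strict=False)
                and d in ipaddress.ip_network(o.get("-d", "0.0.0.0/0"), strict=False)):
            return pos, o["-j"]
    return None, "policy"

if __name__ == "__main__":
    print(first_match(APPENDED, "10.1.0.5", "8.8.8.8"))   # client -> internet
    print(first_match(INSERTED, "10.1.0.5", "8.8.8.8"))   # client -> internet
    print(first_match(INSERTED, "8.8.8.8", "10.1.0.5"))   # reply -> client
```

The last call shows that a source-only ACCEPT does not cover reply packets towards 10.1.0.0/24, which still fall through to the REJECT.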

