[strongSwan] is it strongswan or local firewall?
lejeczek
peljasz at yahoo.co.uk
Thu Aug 17 17:04:06 CEST 2017
On 16/08/17 15:23, Tobias Brunner wrote:
> Hi,
>
>> What should I be looking at?
> Start with reading [1], which also links to [2].
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
> [2] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
I was reading it - can I ask: does it work without NAT?
I'm not quite sure which scenario is mine.
I would like to not use NAT; I think I do not need it.
I have a simple setup:
client (here with NAT, with 192.168.2.100) <=> server (192.168.2.200, no NAT)
(rightsourceip=10.5.10.220,10.5.10.221) and local net 10.5.10.0/24
and I hope that (without NAT on the server/gateway) a client
could go via the server to the 10.5.10.0/24 subnet (& vice versa),
which it does now, with a ping.
My best guess is the firewall on the server, since it allows
ping but nothing else.
So I tried:
$ iptables -A FORWARD --match policy --pol ipsec --dir out(&in) --proto esp -s 10.5.6.0/24 -j ACCEPT
but if that's all then I don't know where to stick these in
because it does not help.
I just started with the whole VPN thing.
thx, L.