[strongSwan] is it strongswan or local firewall ?

lejeczek peljasz at yahoo.co.uk
Thu Aug 17 17:04:06 CEST 2017

On 16/08/17 15:23, Tobias Brunner wrote:
> Hi,
>> What should I be looking at?
> Start with reading [1], which also links to [2].
> Regards,
> Tobias
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
> [2] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
I was reading it - can I ask: does it work without nat?
I'm not quite sure which scenario is mine.
I would like to not use, I think I do not need, NAT.
I have simple:

  client(here with NAT, with <=> 
server(, no NAT) 
(rightsourceip=, and local net

and I hope that (without NAT on the server/gateway) a client
could go via server to subnet (& vice versa),
which it does now, with a ping.
My best guess is - firewall on the server since it allows
ping but nothing else.
So I tried:

$ iptables -A FORWARD --match policy --pol ipsec --dir out(&in) --proto esp -s -j ACCEPT

but if that's all then I don't know where to stick these in 
because it does not help.
Just started whole vpn thing.
thx, L.
