[strongSwan] is it strongswan or local firewall?
peljasz at yahoo.co.uk
Thu Aug 17 17:27:10 CEST 2017
On 17/08/17 16:04, lejeczek wrote:
> On 16/08/17 15:23, Tobias Brunner wrote:
>>> What should I be looking at?
>> Start with reading , which also links to .
> I was reading it - can I ask: does it work without nat?
> I'm not quite sure which scenario is mine.
> I would like to not use, I think I do not need, NAT.
> I have simple:
> client(here with NAT, with 192.168.2.100) <=>
> server(192.168.2.200, no NAT)
> (rightsourceip=10.5.10.220,10.5.10.221) and local net
> and I hope that (without NAT on the server/gateway) a
> client could go via server to 10.5.10.0/24 subnet (& vice
> versa), which it does now, with a ping.
> My best guess is - firewall on the server since it allows
> ping but nothing else.
> So I tried:
> $ iptables -A FORWARD --match policy --pol ipsec --dir
> out(&in) --proto esp -s 10.5.6.0/24 -j ACCEPT
> but if that's all then I don't know where to stick these
> in because it does not help.
> Just started whole vpn thing.
> thx, L.
OK, those rules should go higher up in the FORWARD chain (in
my case), works now, thanks!
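
The ordering issue resolved above, as an added example that is not part of the original messages: `iptables -A` appends to the end of a chain, so a rule added that way sits below any catch-all REJECT/DROP already there. The function names and both rulesets below are constructed for illustration; on a real gateway, pipe `iptables -S FORWARD` into the functions.

```shell
#!/bin/sh
# Added example (not from the thread): spot IPsec policy rules that were
# appended below a catch-all REJECT/DROP and therefore never get evaluated.

# Reads `iptables -S FORWARD` output on stdin and prints the position of
# every "--pol ipsec" rule that sits below an unconditional REJECT/DROP.
shadowed_ipsec_rules() {
    awk '
        $1 != "-A" { next }      # skip the "-P FORWARD ..." policy line
        { n++ }                  # rule position, as shown by --line-numbers
        # Catch-all: the target follows the chain name with no match options.
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
            if (!blocker) blocker = n
            next
        }
        blocker && /--pol ipsec/ { print n }
    '
}

# Prints the position of the first catch-all rule, i.e. the <pos> to use in
# `iptables -I FORWARD <pos> ...` so a new rule lands above it.
first_catch_all() {
    awk '
        $1 != "-A" { next }
        { n++ }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { print n; exit }
    '
}

# Constructed sample: a host firewall with the two IPsec rules added via -A.
SAMPLE_APPENDED='-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -s 10.5.6.0/24 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A FORWARD -s 10.5.6.0/24 -m policy --dir out --pol ipsec --proto esp -j ACCEPT'

# Constructed sample: the same rules placed at the top of the chain instead.
SAMPLE_INSERTED='-P FORWARD ACCEPT
-A FORWARD -s 10.5.6.0/24 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A FORWARD -s 10.5.6.0/24 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

echo "appended: shadowed rules at $(printf '%s\n' "$SAMPLE_APPENDED" | shadowed_ipsec_rules | tr '\n' ' ')"
echo "appended: insert above position $(printf '%s\n' "$SAMPLE_APPENDED" | first_catch_all)"
echo "inserted: shadowed rules at $(printf '%s\n' "$SAMPLE_INSERTED" | shadowed_ipsec_rules | tr '\n' ' ')"
```
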