[strongSwan] is it strongswan or local firewall?
lejeczek
peljasz at yahoo.co.uk
Thu Aug 17 17:27:10 CEST 2017
On 17/08/17 16:04, lejeczek wrote:
>
>
> On 16/08/17 15:23, Tobias Brunner wrote:
>> Hi,
>>
>>> What should I be looking at?
>> Start with reading [1], which also links to [2].
>>
>> Regards,
>> Tobias
>>
>> [1]
>> https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
>>
>> [2]
>> https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
>>
> I was reading it - can I ask: does it work without nat?
> I'm not quite sure which scenario is mine.
> I would like to not use, I think I do not need, NAT.
> I have a simple setup:
>
> client(here with NAT, with 192.168.2.100) <=>
> server(192.168.2.200, no NAT)
> (rightsourceip=10.5.10.220,10.5.10.221) and local net
> 10.5.10.0/24
>
> and I hope that(without NAT on the server/gateway) a
> client could go via server to 10.5.10.0/24 subnet(& vice
> versa), which it does now, with a ping.
> My best guess is - firewall on the server since it allows
> ping but nothing else.
> So I tried:
>
> $ iptables -A FORWARD --match policy --pol ipsec --dir in --proto esp -s 10.5.6.0/24 -j ACCEPT
> $ iptables -A FORWARD --match policy --pol ipsec --dir out --proto esp -s 10.5.6.0/24 -j ACCEPT
>
> but if that's all then I don't know where to stick these
> in because it does not help.
> Just started whole vpn thing.
> thx, L.
>
>
ok, those rules should go higher up in the FORWARD chain (in
my case), works now, thanks!
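A check for the ordering point made above, written here as an added example (not from this thread or from the strongSwan project): it reads `iptables -S FORWARD` style output, constructed inline, and reports any `-m policy --pol ipsec` ACCEPT rule that sits after an unconditional DROP/REJECT and therefore can never match, then prints the `-I FORWARD 1` form that puts such rules at the head of the chain. The subnet 10.5.6.0/24, the sample rule sets and the use of `-d` on the `--dir out` rule are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or strongSwan. Shows why the policy-match
# rules "should go higher up in the FORWARD chain": a rule appended (-A) after
# an unconditional REJECT/DROP is never evaluated.

# Constructed sample of `iptables -S FORWARD` output on a gateway where the
# ipsec rules were appended after a catch-all REJECT (the broken ordering).
SAMPLE_BAD='-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m policy --dir in --pol ipsec --proto esp -s 10.5.6.0/24 -j ACCEPT
-A FORWARD -m policy --dir out --pol ipsec --proto esp -d 10.5.6.0/24 -j ACCEPT'

# Constructed sample with the same rules, ipsec rules at the head of the chain.
SAMPLE_GOOD='-P FORWARD ACCEPT
-A FORWARD -m policy --dir in --pol ipsec --proto esp -s 10.5.6.0/24 -j ACCEPT
-A FORWARD -m policy --dir out --pol ipsec --proto esp -d 10.5.6.0/24 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# ipsec_rules_shadowed RULES
#   RULES is `iptables -S FORWARD` output as a single string.
#   Prints the 1-based chain position of every "-m policy --pol ipsec ...
#   -j ACCEPT" rule that comes after the first unconditional DROP/REJECT
#   (a rule with no match options at all). Exit status 0 = nothing shadowed,
#   1 = at least one ipsec rule can never match.
ipsec_rules_shadowed() {
    printf '%s\n' "$1" | awk '
        /^-A FORWARD/ { pos++ }
        /^-A FORWARD -j (DROP|REJECT)/ && !first { first = pos }
        /^-A FORWARD/ && /-m policy/ && /--pol ipsec/ && /-j ACCEPT/ {
            if (first && pos > first) { print pos; shadowed = 1 }
        }
        END { if (shadowed) exit 1; exit 0 }
    '
}

# fix_commands SUBNET
#   Prints the commands that put the two policy-match rules at the head of
#   FORWARD (-I FORWARD 1) instead of appending them (-A). Using -d for the
#   --dir out rule is this example's choice, not something the thread states.
fix_commands() {
    printf 'iptables -I FORWARD 1 -m policy --dir out --pol ipsec --proto esp -d %s -j ACCEPT\n' "$1"
    printf 'iptables -I FORWARD 1 -m policy --dir in --pol ipsec --proto esp -s %s -j ACCEPT\n' "$1"
}

# Stand-alone run over the constructed samples.
for name in SAMPLE_BAD SAMPLE_GOOD; do
    eval "rules=\$$name"
    if positions=$(ipsec_rules_shadowed "$rules"); then
        echo "$name: no shadowed ipsec rules"
    else
        echo "$name: ipsec rules at chain positions $(echo $positions) are unreachable"
    fi
done
echo "Commands to insert the rules at the head of FORWARD:"
fix_commands 10.5.6.0/24
```

The check only treats a rule with no match options (`-A FORWARD -j DROP` / `-j REJECT ...`) as shadowing; a DROP that carries its own match criteria may or may not cover IPsec traffic, so it is left for manual review.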