[strongSwan] After connection, the external IP address does not change
Moataz Elmasry
moataz.elmasry2 at gmail.com
Tue Jan 10 18:49:02 CET 2017
I got it working!!
It turned out that leftsubnet on the server and the right subnet on the
client have to be 0.0.0.0/0 (I thought it was the exact opposite).
Also I needed to masquerade or SNAT the traffic like:
iptables -t nat -A POSTROUTING -s 10.3.0.0/16 -o eth0 -j MASQUERADE
# or even better:
iptables -t nat -A POSTROUTING -s 10.3.0.0/16 -o eth0 -j SNAT --to {EXTERNAL_IP}
Server ipsec.conf:
conn pubkey
    left={MY_SERVER}
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    leftcert=vpnHostCert.der
    leftauth=pubkey
    leftsendcert=always
    right=%any
    rightsendcert=never
    rightsourceip=10.3.0.0/16
    rightdns=8.8.8.8,2001:4860:4860::8888
    rightauth=eap-radius
    auto=add
Client ipsec.conf:
conn pubkey
    keyexchange=ikev2
    left=%defaultroute
    leftsourceip=%config
    leftauth=eap
    leftfirewall=yes
    leftid=sdfds23rfsdffddfddss
    leftsubnet=0.0.0.0/0
    right={MY_SERVER}
    auto=add
    rightauth=pubkey
    rightca="C=DE, O=MYORG, CN=MYDOMAIN"
    rightsubnet=10.1.0.0/16
Hope this helps anyone in the future
On 01/10/2017 03:33 PM, Moataz Elmasry wrote:
> Any ideas?
>
> It is quite weird that none of the traffic is being routed through my
> ISP IP and not through the VPN server IP
>
> Maybe the right subnet on the server ipsec.conf is wrong?
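One way to check a server for the two conditions this thread settles on (a server-side leftsubnet of 0.0.0.0/0, and a MASQUERADE/SNAT rule covering the rightsourceip pool), as an added example that is not part of the original post. The function names and sample inputs are constructed for illustration, and the rules text is assumed to be in `iptables-save -t nat` format.

```python
import ipaddress
import shlex

def parse_conns(text):
    """Parse ipsec.conf 'conn' sections into {name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section headers start in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def nat_sources(rules):
    """Source networks of POSTROUTING MASQUERADE/SNAT rules (iptables-save format)."""
    nets = []
    for tok in map(shlex.split, rules.splitlines()):
        if tok[:2] != ["-A", "POSTROUTING"] or "-j" not in tok[:-1]:
            continue
        if tok[tok.index("-j") + 1] in ("MASQUERADE", "SNAT"):
            # A rule without -s matches every source address.
            src = tok[tok.index("-s") + 1] if "-s" in tok[:-1] else "0.0.0.0/0"
            nets.append(ipaddress.ip_network(src, strict=False))
    return nets

def check_full_tunnel(conf, rules, conn):
    """List the problems that would leave VPN clients on their ISP address."""
    c = parse_conns(conf).get(conn)
    if c is None:
        return [f"conn {conn} not found"]
    problems = []
    if "0.0.0.0/0" not in [s.strip() for s in c.get("leftsubnet", "").split(",")]:
        problems.append("leftsubnet does not include 0.0.0.0/0")
    try:
        pool = ipaddress.ip_network(c.get("rightsourceip", ""), strict=False)
    except ValueError:
        return problems + ["rightsourceip is not a CIDR pool"]
    if not any(pool.version == n.version and pool.subnet_of(n) for n in nat_sources(rules)):
        problems.append(f"no MASQUERADE/SNAT rule covers {pool}")
    return problems

# Constructed sample inputs (assumptions, not the thread's real server).
SERVER_CONF = "conn pubkey\n    leftsubnet=0.0.0.0/0\n    rightsourceip=10.3.0.0/16\n"
NAT_RULES = "*nat\n-A POSTROUTING -s 10.3.0.0/16 -o eth0 -j MASQUERADE\nCOMMIT\n"
```

An empty list from `check_full_tunnel(SERVER_CONF, NAT_RULES, "pubkey")` means both conditions hold; IP forwarding on the server is not checked here.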