[strongSwan] Separate firewall/router and VPN systems
Robert Green
robert.green at wegolook.com
Mon Aug 20 23:23:27 CEST 2018
Hello All,
I may be doing something that isn't going to work easily. I am trying to
set up strongSwan on a separate system from my firewall/router. This
separate system is also directly connected to the public internet. This is
to support a road warrior setup.
I currently have the Windows 10 client connecting via certificates.
However, when I connect the client I cannot get traffic beyond the VPN
box. I can ping the internal interface but I cannot ping into the network
or external clients.
I see the routes in table 220 but they don't look right to me. I do
have the firewall rules turned on in the config and those look to be
populating correctly.
/etc/ipsec.conf

config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn remote-users
    fragmentation=yes
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha1,3des-sha1!
    left=%any
    #leftsubnet=0.0.0.0/0
    leftsubnet=192.168.0.0/16
    leftcert=server_cert.pem
    leftfirewall=yes
    right=%any
    rightdns=1.1.1.1, 8.8.8.8
    rightsourceip=192.168.18.2-192.168.18.254
    keyexchange=ikev2
    #auto=add
    auto=route
ip route show table 220
192.168.18.2 via 12.12.12.1 dev enp0s25 proto static src 192.168.1.198
My interfaces are:
enp0s25 -> 12.12.12.1 (public interface)
enp3s0 -> 192.168.1.198 (internal interface)
Primary gateway 192.168.0.1 (netmask /23)
This all has been sanitized. I have been beating my head against the wall
on this one. I know this is a routing issue but not sure how to properly
fix it.
Thank you,
--
Robert Green
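As an added illustration (not part of Robert Green's message or of strongSwan itself), the following Python models why a road warrior can reach the VPN box's internal interface but nothing behind it when the strongSwan host is not the LAN's default gateway: a LAN host sends its reply to 192.168.0.1, and unless that router has a route for the rightsourceip pool pointing at 192.168.1.198, the reply never comes back to the box that holds the IPsec policy. The addresses are the sanitized ones from the post; the host and router route tables and the ISP next hop 203.0.113.1 are constructed for the example, and it assumes IP forwarding is already enabled on the strongSwan host (the post does not say).

```python
# Added example (not part of the original message or of strongSwan): a small
# longest-prefix-match model of the LAN's return path to a road warrior's
# virtual IP. Addresses come from the sanitized post; the route tables and the
# ISP next hop (203.0.113.1) are constructed for illustration.
import ipaddress
from typing import List, Optional, Tuple

# (prefix, next hop) with next hop None meaning "directly connected".
Route = Tuple[ipaddress.IPv4Network, Optional[str]]

VPN_BOX_INTERNAL = "192.168.1.198"   # enp3s0 in the post
LAN_GATEWAY = "192.168.0.1"          # primary gateway in the post, netmask /23
UPSTREAM = "203.0.113.1"             # constructed ISP next hop of the LAN router
LAN = ipaddress.ip_network("192.168.0.0/23")
POOL = ipaddress.ip_network("192.168.18.0/24")   # covers rightsourceip 192.168.18.2-254
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# What a LAN host normally knows: its own segment and a default route.
HOST_TABLE: List[Route] = [(LAN, None), (DEFAULT, LAN_GATEWAY)]

# The LAN router before any fix: it has never heard of the VPN pool.
ROUTER_TABLE_BROKEN: List[Route] = [(LAN, None), (DEFAULT, UPSTREAM)]

# The fix on the router: send the pool to the strongSwan box's internal address
# (on a Linux router: ip route add 192.168.18.0/24 via 192.168.1.198).
ROUTER_TABLE_FIXED: List[Route] = ROUTER_TABLE_BROKEN + [(POOL, VPN_BOX_INTERNAL)]


def lookup(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match, the rule the kernel FIB applies."""
    best: Optional[Route] = None
    for prefix, next_hop in table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best


def trace_reply(dst: str, router_table: List[Route]) -> List[str]:
    """Follow a reply from a LAN host toward dst through at most one router.

    Returns the hops taken. The reply has made it back when the last hop is
    the strongSwan box, which holds the IPsec policy for the client.
    """
    addr = ipaddress.ip_address(dst)
    hops: List[str] = []
    route = lookup(HOST_TABLE, addr)
    if route is None:
        return ["unreachable"]
    _, next_hop = route
    if next_hop is None:                 # directly connected: delivered on the segment
        return [dst]
    hops.append(next_hop)
    if next_hop == LAN_GATEWAY:          # the router now makes its own decision
        route = lookup(router_table, addr)
        if route is None:
            return hops + ["unreachable"]
        _, next_hop = route
        hops.append(dst if next_hop is None else next_hop)
    return hops


def reaches_vpn_box(dst: str, router_table: List[Route]) -> bool:
    """True when the reply ends up at the strongSwan box's internal interface."""
    return trace_reply(dst, router_table)[-1] == VPN_BOX_INTERNAL


if __name__ == "__main__":
    client = "192.168.18.10"             # a virtual IP from the rightsourceip pool
    print("broken:", trace_reply(client, ROUTER_TABLE_BROKEN))   # ends at the ISP
    print("fixed: ", trace_reply(client, ROUTER_TABLE_FIXED))    # ends at 192.168.1.198
    # Alternative that leaves the router alone: SNAT client traffic to the box's
    # internal address on the strongSwan host, so replies are addressed on-link.
    print("snat:  ", trace_reply(VPN_BOX_INTERNAL, ROUTER_TABLE_BROKEN))
```

The two outcomes mirror the two usual remedies: a static route for the pool on the LAN gateway (the reply then takes 192.168.0.1 -> 192.168.1.198), or masquerading VPN clients behind the box's internal address so that LAN hosts reply to an on-link destination and the gateway is never consulted. The route the post shows in table 220 is the one strongSwan installs for the client's virtual IP on the VPN box itself; it does not give the rest of the LAN a way back.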