[strongSwan] Separate firewall/router and VPN systems
robert.green at wegolook.com
Mon Aug 20 23:23:27 CEST 2018
I may be doing something that isn't going to work easily. I am trying to
set up strongSwan on a system separate from my firewall/router. This
separate system is also directly connected to the public internet. This is
to support a road warrior setup.
I currently have the Windows 10 client connecting via certificates.
However, when I connect the client I cannot get traffic beyond the VPN
box. I can ping the internal interface but I cannot ping into the network
or external clients.
I see the routes in table 220 but they don't look right to me. I do
have the firewall rules turned on in the config and those look to be
# uniqueids = no
charondebug="cfg 2, dmn 2, ike 2, net 2"
ip route show table 220
192.168.18.2 via 18.104.22.168 dev enp0s25 proto static src 192.168.1.198
My interfaces are:
enp0s25 -> 22.214.171.124 (public interface)
enp3s0 -> 192.168.1.198 (internal interface)
Primary gateway 192.168.0.1 (netmask /23)
This all has been sanitized. I have been beating my head against the wall
on this one. I know this is a routing issue but not sure how to properly