[strongSwan] Simple road warrior setup no longer routing after upgrade

James Lay jlay at slave-tothe-box.net
Thu Jul 26 02:33:15 CEST 2018

On Wed, 2018-07-25 at 06:53 -0600, James Lay wrote:
> On 2018-07-24 06:51, Tobias Brunner wrote:
> Hi James,
> So I moved to Strongswan 5.6.2 during a distribution upgrade.
> What distribution?  What was the previous version?  Do you still
> have the same plugins installed and enabled?
> My simple setup no longer routes back to the client (I can see the
> incoming pings on the server, but nothing goes back). I establish a
> tunnel fine...my setup looks like this:
> external_IP_nic2 <-> subnet
> all I need is to have a connected device able to
> access 192.168.1.1...and it's only a single user.
> Please read [1].  From the involved IPs I guess you used the farp
> plugin before, so make sure you still have that installed and loaded.
> Regards,
> Tobias
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
> Thanks Tobias...I have access to the old server so I'll see what's
> there...I don't recall installing any other plugins, but we shall
> see.  I'll report my findings soon..thanks again.
> James

So now I'm super confused.  I changed to the below:

conn rw	

and added the below top 2 postrouting nat rules:
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *              policy match dir out pol ipsec
    0     0 MASQUERADE  all  --  *      enp0s31f6
24519 1646K MASQUERADE  all  --  *      ppp0

However when I attempt to ping, I see the ping on the ppp0 interface,
and the source isn't
2018-07-25 18:26:37.085194521 → ICMP 100 Echo (ping) request  id=0x0004, seq=1/256, ttl=64

Not exactly sure where to go next.  I did install the extra plugins
that include farp as well.  Thank you.
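
An added diagnostic, not part of the original post: it reads a POSTROUTING listing like the one above and reports any NAT rule that sits ahead of the IPsec policy exemption, plus an exemption whose packet counter is still zero. The addresses in the sample are constructed placeholders and the function names are hypothetical.

```python
# Constructed sample in the layout of `iptables -t nat -L POSTROUTING -v -n`.
# The 0.0.0.0/0 addresses are placeholders, not values from the post.
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            policy match dir out pol ipsec
    0     0 MASQUERADE  all  --  *      enp0s31f6  0.0.0.0/0            0.0.0.0/0
24519 1646K MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
"""

def parse_rules(listing):
    """Turn the rule rows of a verbose iptables listing into dicts."""
    rules = []
    for line in listing.splitlines():
        fields = line.split(None, 9)
        # Rule rows start with a packet counter; chain and header rows do not.
        if len(fields) < 9 or not fields[0][0].isdigit():
            continue
        rules.append({
            "pkts": fields[0], "target": fields[2], "out": fields[6],
            "extra": fields[9].strip() if len(fields) > 9 else "",
        })
    return rules

def check_nat_order(listing):
    """Return findings about NAT rules relative to the IPsec exemption."""
    findings, exempt_seen = [], False
    for pos, rule in enumerate(parse_rules(listing), 1):
        exempt = (rule["target"] == "ACCEPT"
                  and "dir out" in rule["extra"]
                  and "pol ipsec" in rule["extra"])
        if exempt:
            exempt_seen = True
            if rule["pkts"] == "0":
                # No outbound packet has matched an IPsec policy so far.
                findings.append(f"rule {pos}: IPsec exemption has 0 hits")
        elif rule["target"] in ("MASQUERADE", "SNAT") and not exempt_seen:
            findings.append(
                f"rule {pos}: {rule['target']} on {rule['out']} "
                "precedes the IPsec exemption")
    if not exempt_seen:
        findings.append("no IPsec exemption rule present")
    return findings

if __name__ == "__main__":
    for finding in check_nat_order(SAMPLE):
        print(finding)
```
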
