[strongSwan] Simple road warrior setup no longer routing after upgrade
jlay at slave-tothe-box.net
Thu Jul 26 02:33:15 CEST 2018
On Wed, 2018-07-25 at 06:53 -0600, James Lay wrote:
> On 2018-07-24 06:51, Tobias Brunner wrote:Hi James,
> So I moved to Strongswan 5.6.2 during a distribution upgrade.
> What distribution? What was the previous version? Do you still
> havethe same plugins installed and enabled?
> My simplesetup no longer routes back to the client (I can see the
> incoming pingson the server, but nothing goes back). I establish a
> tunnel fine...mysetup looks like this:
> external_IP_nic2 <-> 192.168.1.1_nic2 192.168.1.0/24 subnet
> all I need is to have a connected device able to
> access192.168.1.1...and it's only a single user.
> Please read . From the involved IPs I guess you used the farp
> pluginbefore, so make sure you still have that installed and loaded.
> Thanks Tobias...I have access to the old server so I'll see what's
> there...I don't recall installing any other plugins, but we shall
> see. I'll report my findings soon..thanks again.
So now I'm super confused. I changed to the below:
and added the below top 2 postrouting nat rules:
pkts bytes target prot opt
in out source destination
0 0 ACCEPT all
-- * * 0.0.0.0/0 0.0.0.0/0 policy
match dir out pol ipsec
0 0 MASQUERADE all
-- * enp0s31f6 172.16.0.1 0.0.0.0/0
24519 1646K MASQUERADE all
-- * ppp0 192.168.1.0/24 0.0.0.0/0
However when I attempt to ping, I see the ping on the ppp0 interface,
and the source isn't 172.16.0.1:
2018-07-25 18:26:37.085194521 22.214.171.124 → 192.168.1.1 ICMP 100 Echo
(ping) request id=0x0004, seq=1/256, ttl=64
Not exactly sure where to go next. I did install the extra plugins
that include farp as well. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users