[strongSwan] A little help with the configuration

xalloc xalloc at protonmail.com
Wed Apr 24 15:21:14 CEST 2019 

I have some news, looks like originally the connection wasn't really establishing. What I did to solve is removing the pool.
Now the connection works correctly, but the only thing I'm missing is setting our company DNS. As you can see on that pool I tried setting those DNS servers (it forces me to set "addrs" value, I really don't need it).

What should be the correct way to set DNS? I have no idea why the connection fails with that pool.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
Il giovedì, marzo 28, 2019 3:25 PM, xalloc <xalloc at protonmail.com> ha scritto:

> Sorry if I didn't explain properly this part in the OP, the gateway is an hardware firewall. We use its IPSEC.
> So no way to set that system value.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> Il giovedì 28 marzo 2019 16:13, Brian Colby <brian.g.colby at gmail.com> ha scritto:
>
>> Did you add “sysctl net.ipv4.ip_forward=1” on the gateway, as described on the page I sent?
>>
>> On Mar 28, 2019, at 02:23, xalloc <xalloc at protonmail.com> wrote:
>>
>>> Do you mean forwarding client-side? I can't setup that, clients use both Windows and Linux, I need to provide them only the strongswan configuration. Everything should be handled only by Strongswan and the Gateway.
>>>
>>> Am I missing something on the page you linked?
>>>
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> Il mercoledì 27 marzo 2019 17:25, Brian Colby <brian.g.colby at gmail.com> ha scritto:
>>>
>>>> Hi Xalloc,
>>>>
>>>> If you’re connecting but not passing traffic, you may not have forwarding setup properly.  Have you checked out this page?  https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
>>>>
>>>> R/s,
>>>> Brian
>>>>
>>>> On Mar 27, 2019, at 02:48, xalloc <xalloc at protonmail.com> wrote:
>>>>
>>>>> Any kind soul please?
>>>>>
>>>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>>>> March 18 2019 10:18, xalloc <xalloc at protonmail.com> wrote:
>>>>>
>>>>>> Hello, I'm setting up swanctl configuration file to connect to my company VPN but I'm missing something.
>>>>>
>>>>>> [...]
>>>>>
>>>>>> From those messages seems it can connect but when I ping something (even DNS) nothing works.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190424/b857f96f/attachment.html>

More information about the Users mailing list