[strongSwan] Routing between two remote sites

VTwin Farriers vtwin at cox.net
Fri Jan 28 02:53:04 CET 2022


> The iptables rules/nftables rules, specifically NAT rules also apply to traffic that is supposed to be tunneled because the criteria the NAT rules usually have do not take into account if there are XFRM policies for the packets or not.
> 

I had previously added the postrouting rule to my /etc/sysconfig/iptables:

-A POSTROUTING  -m policy --pol ipsec --dir out -j ACCEPT

This did not make a difference, I could not ping anything over the vpn link.


I think I'm going to have to just hang this up and look for an alternative VPN solution, like the openvpn binaries included with CentOS. Unfortunately strongSwan is proving too difficult to get working and I do not have the necessary technical background to figure out why it's not working, and the various online guides/wiki assume a degree of technical knowledge I just do not have to fully understand.


Thank you for all your help, 
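
Added example, not part of the original message and not strongSwan project code: iptables evaluates a chain top to bottom, so the policy-match ACCEPT rule only keeps tunneled traffic away from NAT when it sits in the nat table's POSTROUTING chain ahead of any source-NAT rule. The checker below reads iptables-save style text (the format of /etc/sysconfig/iptables) and reports when that is not the case; the sample rulesets, the eth0 interface and all function names are constructed for illustration.

```python
import shlex

# Constructed rulesets in iptables-save format; eth0 is an assumed interface.
EXEMPT = "-A POSTROUTING -m policy --pol ipsec --dir out -j ACCEPT"
MASQ = "-A POSTROUTING -o eth0 -j MASQUERADE"
HEAD = "*nat\n:POSTROUTING ACCEPT [0:0]\n"
SAMPLE_BAD = HEAD + MASQ + "\n" + EXEMPT + "\nCOMMIT\n"
SAMPLE_GOOD = HEAD + EXEMPT + "\n" + MASQ + "\nCOMMIT\n"
# Exemption present, but in the mangle table, where it does not stop NAT.
SAMPLE_WRONG_TABLE = ("*mangle\n:POSTROUTING ACCEPT [0:0]\n" + EXEMPT +
                      "\nCOMMIT\n" + HEAD + MASQ + "\nCOMMIT\n")

SRC_NAT_TARGETS = {"MASQUERADE", "SNAT", "NETMAP"}

def opt(tok, name):
    """Value following option `name` in a tokenized rule, or None."""
    return tok[tok.index(name) + 1] if name in tok[:-1] else None

def nat_postrouting(text):
    """Tokenized -A POSTROUTING rules that sit inside the *nat table."""
    table, rules = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]          # "*nat", "*filter", ... opens a table
        elif table == "nat" and line.startswith("-A POSTROUTING "):
            rules.append(shlex.split(line))
    return rules

def is_ipsec_exempt(tok):
    """True for a rule that ACCEPTs packets matching an outbound IPsec policy."""
    return ("policy" in tok and opt(tok, "--pol") == "ipsec"
            and opt(tok, "--dir") == "out" and opt(tok, "-j") == "ACCEPT")

def check(text):
    """Findings for nat POSTROUTING; empty list = exemption precedes all source NAT."""
    findings, exempt_seen = [], False
    for n, tok in enumerate(nat_postrouting(text), 1):
        if is_ipsec_exempt(tok):
            exempt_seen = True
        elif opt(tok, "-j") in SRC_NAT_TARGETS and not exempt_seen:
            findings.append(f"nat rule {n} ({' '.join(tok[2:])}) runs before any IPsec exemption")
    if not exempt_seen:
        findings.append("no IPsec policy exemption in nat POSTROUTING")
    return findings

if __name__ == "__main__":
    for name in ("SAMPLE_BAD", "SAMPLE_GOOD", "SAMPLE_WRONG_TABLE"):
        print(name, check(globals()[name]) or "ok")
```

The check covers rule placement only; it does not validate the XFRM policies or routes that the tunnel also depends on.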