Re: [strongSwan] Strongswan VPN gateway
Hi, How are you sharing your VPN with others? Did you change the routing on your internal network and on the VPN server (it has 2 NICs, right?)? Did you set *net.ipv4.ip_forward=1* and *net.ipv6.conf.all.forwarding=1* on /*etc/sysctl.conf* ? Try to add (in ipsec.conf): installpolicy=yes leftfirewall=yes Did you try to run tcpdump to see if the traffic arrives to the VPN server? Regards, http://devops101.net On Tue, Jul 21, 2020, 12:46 PM Nirvanet wrote: > Hi all, > > I am looking to setup a VPN gateway with Strongswan on my LAN and share my > anonymous VPN service. > > I have 2 nics, the VPN tunnel is up but I am struggling to share this > connection with my LAN. > > What’s the main steps to achieve this? > NAT, some routes in table 220, tunnel interface? I tried everything > without any success... > > Is there by chance a “how-to” somewhere? > > Thanks all for your help > > >
[strongSwan] Strongswan VPN gateway
Hi all, I am looking to setup a VPN gateway with Strongswan on my LAN and share my anonymous VPN service. I have 2 nics, the VPN tunnel is up but I am struggling to share this connection with my LAN. What’s the main steps to achieve this? NAT, some routes in table 220, tunnel interface? I tried everything without any success... Is there by chance a “how-to” somewhere? Thanks all for your help
Re: [strongSwan] StrongSwan VPN Gateway
Well, I don't need anything from you (unless you pay me to configure it for you). YOU need to gather your requirements and choose one of the possible authentication methods and then configure it. In either case: 1) Configure the IP addresses 2) Set up authentication 3) Configure the local traffic selector and the remote one on both sides 4) Make the tunnel come up 5) Deal with any errors 6) Make this permanent On 03.05.2017 17:01, Paul McEwan wrote: > OK, that's good that it's possible > > What exact information do I need to provide to see what needs to be done? > > -Original Message- > From: Noel Kuntze [mailto:noel.kuntze@thermi.consulting] > Sent: Wednesday, May 3, 2017 10:27 AM > To: Paul McEwan <pmce...@energywebnetwork.com>; users@lists.strongswan.org > Subject: Re: [strongSwan] StrongSwan VPN Gateway > > > > On 03.05.2017 05:37, Paul McEwan wrote: >> I'm using StrongSwan U5.3.5/K4.4.0-24-generic on Ubuntu Linux 16.0.4 (x64) >> and have successfully connected to multiple site to site VPN's. I can >> access everything without issues when I'm on the StrongSwan Linux box. >> However, I have some Windows Server 2012 R2 servers on the same local >> network, and I'd like to use the StrongSwan server as a gateway so the >> Windows servers can access the networks connected to by StrongSwan. Is this >> possible? > Yes. Particularities depend on the exact requirements. > >> And if so, is there a procedure outlining how to do it? > No, because it's a boring standard procedure that doesn't differ in any way > from any other IKE software. There's no need to describe every possible > combination of software, unless there are any actual problems. But even then, > only the problems and the solutions need to be listed. > > signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StrongSwan VPN Gateway
OK, that's good that it's possible What exact information do I need to provide to see what needs to be done? -Original Message- From: Noel Kuntze [mailto:noel.kuntze@thermi.consulting] Sent: Wednesday, May 3, 2017 10:27 AM To: Paul McEwan <pmce...@energywebnetwork.com>; users@lists.strongswan.org Subject: Re: [strongSwan] StrongSwan VPN Gateway On 03.05.2017 05:37, Paul McEwan wrote: > I'm using StrongSwan U5.3.5/K4.4.0-24-generic on Ubuntu Linux 16.0.4 (x64) > and have successfully connected to multiple site to site VPN's. I can access > everything without issues when I'm on the StrongSwan Linux box. However, I > have some Windows Server 2012 R2 servers on the same local network, and I'd > like to use the StrongSwan server as a gateway so the Windows servers can > access the networks connected to by StrongSwan. Is this possible? Yes. Particularities depend on the exact requirements. > And if so, is there a procedure outlining how to do it? No, because it's a boring standard procedure that doesn't differ in any way from any other IKE software. There's no need to describe every possible combination of software, unless there are any actual problems. But even then, only the problems and the solutions need to be listed. -- Noel Kuntze IT security consultant GPG Key ID: 0x0739AD6C Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] StrongSwan VPN Gateway
I'm using StrongSwan U5.3.5/K4.4.0-24-generic on Ubuntu Linux 16.0.4 (x64) and have successfully connected to multiple site to site VPN's. I can access everything without issues when I'm on the StrongSwan Linux box. However, I have some Windows Server 2012 R2 servers on the same local network, and I'd like to use the StrongSwan server as a gateway so the Windows servers can access the networks connected to by StrongSwan. Is this possible? And if so, is there a procedure outlining how to do it? ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users