Hi Techies,

I have a severe problem. With the help of Andreas and my grey cells we got the iPhone working with IPsec too, but I am not able to browse when I connect to the IPsec VPN from the iPhone with xauth + psk. I have masquerading enabled, and this rule works fine for l2tp + ipsec.

When I look on the iPhone and MacBook, I don't get a DNS IP from strongSwan IPsec. Is there any parameter to manually push the DNS from ipsec.conf? Please help me ASAP, I am stuck because of this.

Thanks,
Alok

On Tue, Sep 8, 2009 at 8:36 PM, Alok Thaker <alok.a...@gmail.com> wrote:

> What could be the possible resolutions? I checked, the command comes from
> ipsec, which is from /usr/local/sbin/ipsec, and it reads the
> /usr/local/etc/ipsec.conf created by strongSwan. I am waiting for your
> answer on the DNS and internet browsing.
>
> And if strongswan-4.3.5 is introduced, how would we define it? It is
> very urgent for me to at least get the internet running.
>
> Thanks,
> Alok
>
> On Tue, Sep 8, 2009 at 11:01 AM, Andreas Steffen <andreas.stef...@strongswan.org> wrote:
>
>> Hi Alok,
>>
>> strongSwan doesn't have an ipsec verify command and does not
>> enable opportunistic encryption by default. I think you
>> got that from an earlier Openswan installation.
>>
>> Currently the IKEv1 pluto daemon does not support virtual
>> IP pools yet. This feature will be introduced with the
>> 4.3.5 release in November. Currently you have to define
>> one connection for each iPhone client.
>>
>> Best regards
>>
>> Andreas
>>
>> Alok Thaker wrote:
>> > Hi Andreas,
>> >
>> > I ran the command ipsec verify and it shows opportunistic encryption
>> > checks are on. Might that be the reason for not allowing the client to
>> > browse the internet? And if I have kept rightsourceip=some ip, it would
>> > be used for all iPhone clients simultaneously. Can I give a range of IPs
>> > to it or not?
>> >
>> > Please help on this issue.
>> >
>> > Thanks,
>> > Alok
>> >
>> > On Tue, Sep 8, 2009 at 7:43 AM, Alok Thaker <alok.a...@gmail.com> wrote:
>> >
>> >> Hi Andreas,
>> >>
>> >> No, iPhone clients can still connect to strongSwan but can't browse. I
>> >> also added that rule but it isn't working.
>> >>
>> >> Thanks,
>> >> Alok
>> >>
>> >> On Mon, Sep 7, 2009 at 8:39 AM, Alok Thaker <alok.a...@gmail.com> wrote:
>> >>
>> >>> I will test and let you know, Andreas. At present there is an internet
>> >>> downtime at my office. I am sending this message from my BlackBerry.
>> >>>
>> >>> I will let you know whether this works or not in some time.
>> >>>
>> >>> Thanks,
>> >>> Alok
>> >>>
>> >>> On Mon, Sep 7, 2009 at 8:23 AM, andi <andreas.stef...@strongswan.org> wrote:
>> >>>
>> >>>> Could you try to exempt traffic to be tunneled from masquerading by
>> >>>> inserting the following rule:
>> >>>>
>> >>>> iptables -t nat -I POSTROUTING 1 -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
>> >>>>
>> >>>> Andreas
>> >>>>
>> >>>> On Mon, 7 Sep 2009 08:18:51 -0400, Alok Thaker <alok.a...@gmail.com> wrote:
>> >>>>> Here it is, Andreas.
>> >>>>>
>> >>>>> iptables -v -n -t nat -L POSTROUTING
>> >>>>> Chain POSTROUTING (policy ACCEPT 188 packets, 13511 bytes)
>> >>>>>  pkts bytes target     prot opt in     out     source       destination
>> >>>>>   122 15835 MASQUERADE  all  --  *      eth0    0.0.0.0/0    0.0.0.0/0
>> >>>>>  113K 8162K MASQUERADE  all
>> >>>> --
>>
>> ======================================================================
>> Andreas Steffen                         andreas.stef...@strongswan.org
>> strongSwan - the Linux VPN Solution!                www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
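
The exemption rule quoted in the thread only takes effect if it sits ahead of the MASQUERADE rule in the nat POSTROUTING chain. The following is an added example, not part of the original messages: a rule-order check over `iptables -t nat -S POSTROUTING` output. The helper name `check_ipsec_nat_exempt` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not from the thread). check_ipsec_nat_exempt is a
# hypothetical helper: it reads `iptables -t nat -S POSTROUTING` output on
# stdin and reports which rule first decides IPsec-bound packets leaving $1.
# It checks rule order only: extra matches (-s, -d, ...) are not evaluated,
# targets other than ACCEPT/MASQUERADE are ignored, and interface wildcards
# such as eth+ are not expanded.
check_ipsec_nat_exempt() {
    awk -v ifc="$1" '
        $1 != "-A" { next }                      # skip the -P policy line
        {
            out = ""; jump = ""; pol = 0; dir = 0; neg = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "!") neg = 1
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
                if ($i == "--pol" && $(i + 1) == "ipsec") pol = 1
                if ($i == "--dir" && $(i + 1) == "out") dir = 1
            }
            if (out != "" && out != ifc) next    # rule is for another interface
            if (neg) { verdict = "unsupported-negation"; exit }
            if (jump == "ACCEPT" && pol && dir) { verdict = "exempt"; exit }
            if (jump == "MASQUERADE") { verdict = "masqueraded"; exit }
        }
        END { print (verdict == "" ? "no-masquerade" : verdict) }
    '
}

# Constructed sample: exemption at position 1, as `-I POSTROUTING 1` places it.
SAMPLE_FIXED='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

# Constructed sample: exemption appended (-A) after MASQUERADE, never reached.
SAMPLE_SHADOWED='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT'

printf '%s\n' "$SAMPLE_FIXED"    | check_ipsec_nat_exempt eth0   # exempt
printf '%s\n' "$SAMPLE_SHADOWED" | check_ipsec_nat_exempt eth0   # masqueraded
```

On a live gateway the input would come from `iptables -t nat -S POSTROUTING`, run as root.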