Hi Techies,

I have a severe problem. With the help of Andreas and my grey
cells we made the iPhone work with IPsec too, but the thing is I am not
able to browse when I connect to the IPsec VPN from the iPhone with xauth + psk. I
have masquerading enabled and this rule works fine for l2tp + ipsec.

When I look on the iPhone and MacBook I don't get a DNS IP from strongSwan
IPsec. Is there any parameter to manually push the DNS from ipsec.conf?

Please help me ASAP, I am stuck due to this.

Thanks,
Alok

On Tue, Sep 8, 2009 at 8:36 PM, Alok Thaker <alok.a...@gmail.com> wrote:

> What could the possible resolutions be? I checked: the command comes from ipsec,
> which is /usr/local/sbin/ipsec, and it reads the
> /usr/local/etc/ipsec.conf created by strongSwan. I am awaiting your
> answer for the DNS and internet browsing.
>
> And if strongswan-4.3.5 is introduced, how would we define it? It is
> very urgent for me to at least get the internet running.
>
> Thanks,
> Alok
>
>
>
>
> On Tue, Sep 8, 2009 at 11:01 AM, Andreas Steffen <andreas.stef...@strongswan.org> wrote:
>
>> Hi Alok,
>>
>> strongSwan doesn't have an ipsec verify command and does not
>> enable opportunistic encryption by default. I think you
>> got that from an earlier Openswan installation.
>>
>> Currently the IKEv1 pluto daemon does not support virtual
>> IP pools yet. This feature will be introduced with the
>> 4.3.5 release in November. Currently you have to define
>> one connection for each iphone client.
>>
>> Best regards
>>
>> Andreas
>>
>> Alok Thaker wrote:
>> > Hi Andreas,
>> >
>> > I fired the command ipsec verify; it shows the opportunistic encryption
>> > check is on. Is that perhaps the reason for not allowing the client to browse
>> > the internet? And if I have kept rightsourceip=some ip, it would be used for all
>> > iPhone clients simultaneously; can I give a range of IPs to it or not?
>> >
>> > Please help on this issue.
>> >
>> > Thanks,
>> > Alok
>> >
>> > On Tue, Sep 8, 2009 at 7:43 AM, Alok Thaker <alok.a...@gmail.com> wrote:
>> >
>> >> Hi Andreas,
>> >>
>> >> No, iPhone clients can still connect to strongSwan but can't browse. I also
>> >> added that rule but it isn't working.
>> >>
>> >> Thanks,
>> >> Alok
>> >>
>> >>
>> >> On Mon, Sep 7, 2009 at 8:39 AM, Alok Thaker <alok.a...@gmail.com> wrote:
>> >>
>> >>> I will test and let you know, Andreas; at present there is an internet
>> >>> downtime at my office. I am sending this message from my BlackBerry.
>> >>>
>> >>> I will let you know if this works or not in some time.
>> >>>
>> >>> Thanks,
>> >>> Alok
>> >>>
>> >>>
>> >>> On Mon, Sep 7, 2009 at 8:23 AM, andi <andreas.stef...@strongswan.org> wrote:
>> >>>
>> >>>> Could you try to exempt traffic to be tunneled from masquerading by
>> >>>> inserting the following rule:
>> >>>>
>> >>>> iptables -t nat -I POSTROUTING 1 -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
>> >>>>
>> >>>> Andreas
>> >>>>
>> >>>> On Mon, 7 Sep 2009 08:18:51 -0400, Alok Thaker <alok.a...@gmail.com> wrote:
>> >>>>> Here it is, Andreas.
>> >>>>>
>> >>>>> iptables -v -n -t nat -L POSTROUTING
>> >>>>> Chain POSTROUTING (policy ACCEPT 188 packets, 13511 bytes)
>> >>>>>  pkts bytes target     prot opt in     out     source      destination
>> >>>>>   122 15835 MASQUERADE  all  --  *      eth0    0.0.0.0/0   0.0.0.0/0
>> >>>>>  113K 8162K MASQUERADE  all  --
>>
>> ======================================================================
>> Andreas Steffen                         andreas.stef...@strongswan.org
>> strongSwan - the Linux VPN Solution!                www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
>>
>
>
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
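
Added example, not part of the original thread and not strongSwan code: the rule Andreas suggests only helps if it sits ahead of the MASQUERADE rule for eth0, so this sketch checks that ordering in `iptables -t nat -S POSTROUTING` output. The function name `nat_order` and the three rule sets are constructed for illustration.

```shell
#!/bin/sh
# Reads `iptables -t nat -S POSTROUTING` output on stdin and reports which
# comes first for the given outbound interface: the IPsec policy exemption
# or a MASQUERADE rule. Negated matches ("! -o eth0") are not handled.
nat_order() {   # usage: nat_order IFACE < rules
    awk -v ifc="$1" '
        $1 != "-A" { next }                      # skip "-P POSTROUTING ACCEPT"
        {
            out = ""; jump = ""; pol = 0; dir = 0
            for (i = 2; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
                if ($i == "--pol" && $(i + 1) == "ipsec") pol = 1
                if ($i == "--dir" && $(i + 1) == "out") dir = 1
            }
            if (out != "" && out != ifc) next    # rule for another interface
            if (jump == "ACCEPT" && pol && dir) { verdict = "exempt-first"; exit }
            if (jump == "MASQUERADE") { verdict = "masquerade-first"; exit }
        }
        END { print (verdict == "" ? "no-masquerade" : verdict) }
    '
}

# Constructed rule sets (not captured from the poster's gateway).
# BEFORE: only the masquerade rule, as in the listing quoted in the thread.
BEFORE='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

# AFTER: exemption inserted at position 1, as "-I POSTROUTING 1" does.
AFTER='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

# APPENDED: same exemption added with -A, so it lands after MASQUERADE
# and tunnelled packets are still source-NATed before the policy lookup.
APPENDED='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT'

for name in BEFORE AFTER APPENDED; do
    eval "rules=\$$name"
    printf '%-9s %s\n' "$name" "$(printf '%s\n' "$rules" | nat_order eth0)"
done
```

On a live gateway the same check is `iptables -t nat -S POSTROUTING | nat_order eth0`.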
