Hello,

You may need to set a route on your default gateway (192.168.1.254) to your strongswan gateway (192.168.1.51) for the ipad-network (10.8.0.0/24) so received packets can be routed to your ipad.

Cheers
Uli

> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 27 Nov 2011 23:54:24 +0100 (CET)
> From: [email protected]
> Subject: [strongSwan] iphone/ipad get connection but no internet
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="utf-8"
>
> hello,
>
> i'm new to strongswan and try to use it for my ipad and iphone to access my
> lan (i have openvpn running on my windows boxes (client) and the openvpn
> server on the same box as the ipsec but with ipsec i can connect but only
> this box where ipsec is on - so it looks like the config from the wiki
> http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) works for
> connecting but not for accessing any other box on my lan than the box where
> ipsec is on.
>
> iphone ---> xx.dyndns.org (router IP: 192.168.1.254) --> port 500/4500 are
> routed to 192.168.1.51 where strongswan is running on
>
> my config looks like this:
>
> ipsec.conf:
>
> config setup
>         # plutodebug=all
>         # crlcheckinterval=600
>         # strictcrlpolicy=yes
>         # cachecrls=yes
>         nat_traversal=yes
>         # charonstart=yes
>         plutostart=yes
>
> # Add connections here.
>
> conn ios
>         keyexchange=ikev1
>         authby=xauthrsasig
>         xauth=server
>         left=%defaultroute
>         leftsubnet=0.0.0.0/0
>         # left=hohaso.dyndns.org
>         leftfirewall=yes
>         leftcert=serverCert.pem
>         right=%any
>         # rightsubnet=10.8.0.0/24
>         # rightsourceip=10.8.0.5
>         rightsubnet=192.168.1.0/24
>         rightsourceip=192.168.1.11
>         rightcert=clientCert.pem
>         pfs=no
>         auto=add
>
> i tried here to use the lan ip's as well but some result not difference for
> 10 or 192 network
>
> strongswan.conf
>
> charon {
>
>     # number of worker threads in charon
>     threads = 16
>
>     # plugins to load in charon
>     load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke
>
>     # plugins {
>
>     #     sql {
>     #         loglevel to log into sql database
>     #         loglevel = -1
>
>     #         URI to the database
>     #         database = sqlite:///path/to/file.db
>     #         database = mysql://user:password@localhost/database
>     #     }
>     # }
>
>     # ...
> }
>
> pluto {
>
>     # plugins to load in pluto
>     # load = aes des sha1 md5 sha2 hmac gmp random pubkey
>     dns1 = 192.168.1.254
> }
>
> libstrongswan {
>
>     # set to no, the DH exponent size is optimized
>     # dh_exponent_ansi_x9_42 = no
> }
>
> so within the log file all looks ok i guess?
>
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: | NAT-T: new mapping
> 46.207.255.74:22256/5848)
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> sent MR3, ISAKMP SA established
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> sending XAUTH request
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> parsing XAUTH reply
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> extended authentication was successful
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> sending XAUTH status
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> parsing XAUTH ack
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> received XAUTH ack, established
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> parsing ModeCfg request
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> unknown attribute type (28683)
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> peer requested virtual IP %any
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: reassigning offline lease to 'holli'
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> assigning virtual IP 10.8.0.5 to peer
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> sending ModeCfg reply
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3:
> sent ModeCfg reply, established
> Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #4:
> responding to Quick Mode
> Nov 27 23:52:03 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #4:
> IPsec SA established {ESP=>0x0174e0da <0xccf7980d NATOA=0.0.0.0}
>
> and on the iphone i get a welcome with success but i can only access the box
> where ipsec is on so what is the trick to access all boxes on the lan and
> have also access to the internet?
>
> thanks
> holli
>
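
Why the route in the reply matters, as an added example that is not part of the original thread: a small longest-prefix-match model of the path a reply takes from a LAN host back to the iPad's virtual IP, with and without the static route on the default gateway. The LAN host 192.168.1.20, the `WAN` and `ipsec-tunnel` labels and all function names are constructed for illustration; the other addresses are the ones given in the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build_tables(static_route_on_gateway):
    """Simplified routing tables keyed by node address (illustrative model)."""
    lan = ("192.168.1.0/24", "on-link")
    gateway = [lan, ("0.0.0.0/0", "WAN")]
    if static_route_on_gateway:
        # The route from the reply: iPad network via the strongSwan box.
        gateway.append(("10.8.0.0/24", "192.168.1.51"))
    return {
        "192.168.1.20": [lan, ("0.0.0.0/0", "192.168.1.254")],  # constructed LAN host
        "192.168.1.254": gateway,                                # default gateway
        # strongSwan box: the IPsec policy is modelled as a /32 route to the peer.
        "192.168.1.51": [lan, ("10.8.0.5/32", "ipsec-tunnel"),
                         ("0.0.0.0/0", "192.168.1.254")],
    }

def reply_path(tables, src, dst, max_hops=8):
    """Follow a reply from src towards dst one routing decision at a time."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop is None:
            path.append("dropped")
            break
        if hop == "on-link":
            path.append(dst)      # delivered directly on the LAN segment
            break
        path.append(hop)
        if hop not in tables:     # left the modelled network (WAN or tunnel)
            break
        node = hop
    return path

if __name__ == "__main__":
    for flag in (False, True):
        path = reply_path(build_tables(flag), "192.168.1.20", "10.8.0.5")
        print("static route:", flag, "|", " -> ".join(path))
```

In this model the strongSwan box reaches 10.8.0.5 through the tunnel in both cases, while any other LAN host's reply only reaches the tunnel once the gateway has the 10.8.0.0/24 route.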
