Hi,
I'm using StrongSwan on my OpenWRT-based router to set up a VPN for my
road-warrior iOS 5 device using XAUTH with PSK.
My setup is like this:
My internal network:
Network and range: 172.16.67.96/255.255.255.224 (172.16.67.96 - 172.16.67.126)
Gateway: 172.16.67.97
DNS: 172.16.67.97
My OpenWRT is the gateway with IP address 172.16.67.97 and it obtains an
external IP address assigned by my ISP. I'm using dyndns to get a proper name
for the external IP.
And my virtual IP range for road warriors is:
Network and range: 172.16.67.128/255.255.255.224 (172.16.67.129 - 172.16.67.158)
DNS: 172.16.67.97
My current ipsec.conf looks like this:

# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup

conn ios
    type=tunnel
    keyexchange=ikev1
    authby=xauthpsk
    xauth=server
    # left = this router (gateway side)
    left=%defaultroute
    leftsourceip=172.16.67.129
    leftsubnet=0.0.0.0/0
    # updown script inserts FORWARD rules for each tunnel
    leftfirewall=yes
    # right = the road-warrior client
    right=%any
    rightsourceip=172.16.67.130/27
    auto=add
My strongswan.conf looks like this:

# /etc/strongswan.conf - strongSwan configuration file
charon {
    dns1 = 172.16.67.97
}
My ipsec.secrets file is set up properly. I could establish the VPN and got a
virtual IP address of 172.16.67.131. When I try to ping from my OpenWRT router
or any internal LAN machine to the IP 172.16.67.131, it works.
I also have an SSH client on my iPhone; when I try to SSH to the internal LAN
(with both IP and DNS name), it fails. It seems like traffic can go from my
internal LAN to the iPhone but not vice versa, so it is not a problem with the
DNS. I think it's either routing or firewall.
I checked my firewall configuration using iptables -L FORWARDING, and I do see
2 rules being added after the tunnel is established, allowing incoming
172.16.67.131 to any and allowing any from the internal LAN to 172.16.67.131.
Does anyone know what I have set up wrong?

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
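Added example (not part of the original post and not strongSwan code): a small parser for the ipsec.conf conn syntax shown above, followed by address-plan checks a practitioner would run before looking at routing and firewall state. It works on a constructed copy of the poster's conn section and LAN addressing. Assumptions made here: a CIDR value in rightsourceip is treated as the whole prefix (so 172.16.67.130/27 becomes the pool 172.16.67.128/27), and the function names and the wording of the findings are this example's own. It flags that leftsourceip=172.16.67.129 falls inside the client pool; whether that matters for the poster's symptom is not something the post settles.

```python
"""Parse an ipsec.conf-style conn section and sanity-check its addressing."""
import ipaddress

# Constructed sample: the conn section from the post, laid out the way
# ipsec.conf expects (section headers flush left, keys indented).
SAMPLE_CONF = """\
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup

conn ios
    type=tunnel
    keyexchange=ikev1
    authby=xauthpsk
    xauth=server
    left=%defaultroute
    leftsourceip=172.16.67.129
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightsourceip=172.16.67.130/27
    auto=add
"""

# LAN facts from the post: 172.16.67.96/27, gateway 172.16.67.97.
LAN = ipaddress.ip_network("172.16.67.96/27")


def parse_ipsec_conf(text):
    """Return {section header: {key: value}} for ipsec.conf text.

    Handles 'config setup' / 'conn <name>' headers, indented key=value
    lines and '#' comments. 'also=' and 'include' are not expanded.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            # Section header, e.g. 'conn ios'; normalise internal spaces.
            current = sections.setdefault(" ".join(line.split()), {})
            continue
        if current is None:
            raise ValueError("key=value before any section: %r" % raw)
        key, sep, value = line.strip().partition("=")
        if not sep:
            raise ValueError("expected key=value: %r" % raw)
        current[key.strip()] = value.strip()
    return sections


def virtual_ip_pool(conn):
    """The client pool named by rightsourceip.

    Assumption for this example: a CIDR value denotes the whole prefix,
    so 172.16.67.130/27 -> 172.16.67.128/27 (host bits are masked off).
    """
    return ipaddress.ip_network(conn["rightsourceip"], strict=False)


def check_address_plan(conn, lan):
    """Return a list of findings about the tunnel addressing versus the LAN."""
    findings = []
    pool = virtual_ip_pool(conn)

    # Clients must not be handed addresses that collide with LAN hosts.
    if pool.overlaps(lan):
        findings.append("client pool %s overlaps LAN %s" % (pool, lan))

    # A fixed leftsourceip inside the client pool competes with pool leases.
    if "leftsourceip" in conn and not conn["leftsourceip"].startswith("%"):
        src = ipaddress.ip_address(conn["leftsourceip"])
        if src in pool:
            findings.append(
                "leftsourceip %s lies inside the client pool %s" % (src, pool))

    # Traffic to the LAN only enters the tunnel if leftsubnet covers it.
    covered = False
    for entry in conn.get("leftsubnet", "").split(","):
        entry = entry.strip()
        if entry and lan.subnet_of(ipaddress.ip_network(entry, strict=False)):
            covered = True
    if not covered:
        findings.append("leftsubnet %r does not cover LAN %s"
                        % (conn.get("leftsubnet", ""), lan))
    return findings


if __name__ == "__main__":
    conn = parse_ipsec_conf(SAMPLE_CONF)["conn ios"]
    print("pool:", virtual_ip_pool(conn))
    for finding in check_address_plan(conn, LAN) or ["no findings"]:
        print("-", finding)
```

Run it against your own ipsec.conf by replacing SAMPLE_CONF with the file contents and LAN with your internal prefix; the checks are deliberately limited to what the config and the stated addressing determine, so routing and FORWARD-chain state still need to be inspected on the router itself.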