Hi Martin,
I have no firewall with a DROP packet implemented, and currently the packets are
not being dropped; they are being sent out the public interface, where my only
default route lies.
> * Do you have IP forwarding enabled on the VPN gateway?
> (/proc/sys/net/ipv4/ip_forward)
Yes.
> * Do you have a proper route on the gateway for the private
> network?
This I do not have. However, every time I set a default route on the private
network I cannot connect. I am going to try and manipulate the routing table to
get this to work now instead of IPTABLES.
> * Do the hosts on the network have a proper route over the gateway
> to the virtual IPs you assign?
Currently, after the tunnel is established, I can ping the private interface of
the GW, but as soon as I go outside of that and try to ping, let's say, the default
GW for the private network, the packets get routed out my public interface and
they are not NAT'd.
Regards,
Adrian Milanoski
Lab Administrator
BBOS WiFI VPN Dev. Security Testing
Research In Motion Limited
Tel.(289) 261-5801 | Cell: 647-289-6995
Email [email protected]
-----Original Message-----
From: Martin Willi [mailto:[email protected]]
Sent: Friday, December 07, 2012 4:07 AM
To: Adrian Milanoski
Cc: [email protected]
Subject: Re: [strongSwan] Routing Polices with IPTABLES not working
Hi Adrian,
> Why is it so difficult to get these packets flowing from the tunnel to
> the private network? I thought the certain commands were to add rules
> in to the IPtables and remove them when the tunnel is torn down.
Unless you have a firewall with default DROP policies, you don't need any
iptables entries. If you have a restrictive firewall, I'd recommend to open it
for testing, and once it works, have a look at the leftfirewall ipsec.conf
option.
* Do you have IP forwarding enabled on the VPN gateway?
(/proc/sys/net/ipv4/ip_forward)
* Do you have a proper route on the gateway for the private
network?
* Do the hosts on the network have a proper route over the gateway
to the virtual IPs you assign?
If this all looks OK, I'd try to analyze which packets get dropped (from VPN
clients to your private network, or from your private network to the VPN
clients?).
Regards
Martin
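The gateway-side checks from Martin's list, written as a small shell helper. This is an added example, not part of the original thread and not strongSwan code. The interface names (eth0 public, eth1 private) and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: gateway-side checks for IP forwarding and egress routing.
# Interface names and addresses below are constructed, not from the thread.

# Check 1: is IPv4 forwarding on? Reads the given file
# (default: the live sysctl file named in the thread).
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# Extract the egress interface from one line of `ip route get <addr>` output.
egress_dev() {
    printf '%s\n' "$1" |
        awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i+1); exit}}'
}

# Check 2: does traffic for a private host leave via the private interface?
# $1 = `ip route get` output, $2 = expected private interface.
# Prints a verdict and returns 0 only when the egress interface matches.
check_egress() {
    dev="$(egress_dev "$1")"
    if [ "$dev" = "$2" ]; then
        echo "ok: egress via $dev"
    else
        echo "misrouted: egress via ${dev:-none}, expected $2"
        return 1
    fi
}

# Live use on the gateway (hypothetical host address and interface):
#   forwarding_enabled || echo "ip_forward is off"
#   check_egress "$(ip route get 10.1.0.1)" eth1

# Constructed samples of `ip route get 10.1.0.1` output.
# BAD: no specific route, so the lookup falls through to the default route
# on the public interface (the symptom described in the reply above).
SAMPLE_BAD='10.1.0.1 via 203.0.113.1 dev eth0 src 203.0.113.10 uid 0'
# GOOD: a connected or static route sends the packet out the private side.
SAMPLE_GOOD='10.1.0.1 dev eth1 src 10.1.0.254 uid 0'
```

The third question in the list, the return route from the private hosts to the virtual IPs, has to be checked on those hosts; the same `check_egress` call works there with the virtual IP as the destination.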