Thanks for suggestion. I'm running vpn server on a asus router (RT-AC66U, custom FW - Merlin build) and "ip forward" is already enabled
cat /proc/sys/net/ipv4/ip_forward 1 If I execute iptables command, I get: iptables -A POSTROUTING -t NAT -j SNAT --to-source 192.168.0.10 iptables v1.3.8: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Looks like I'm missing some modules. I've checked NAT Passthrough settings in router administration console and it's enabled for: PPTP Passthrough L2TP Passthrough IPSec Passthrough RTSP Passthrough H.323 Passthrough SIP Passthrough Any other suggestions ? Another thing, when I start ipsec, I get following message: ipsec start Starting strongSwan 5.0.4 IPsec [starter]... '/lib/modules/2.6.22.19/kernel/net/ipv4/xfrm4_tunnel.ko': unknown symbol in module, or unknown parameter But server starts anyway. Should I ignore this error ? L On Sun, Nov 3, 2013 at 5:20 AM, Lawrence Chiu <[email protected]>wrote: > I had a similar problem when I got started with Strongswan. I could > connect to the VPN, but couldn't browse anything. I fixed it with this: > > http://superuser.com/questions/648283/strongswan-ipsec-vpn-for-windows-7-road-warrior-config > > > On 11/2/2013 1:32 PM, Luka wrote: > > Hi. > Can someone help me with strong swan configuration. I would like to access > home network from my iPhone. > I've setup config(certificates, etc...), following this guide: > http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) > > I can connect to VPN from iPhone, but I can't access home network or > internet. > My home network has following settings: > Subnet mask: 255.255.255.0 > Router ip(local ip of vpn server): 192.168.2.1 > Other devices ip range is 192.168.2.X > ipsec.conf file: > > conn ios > > keyexchange=ikev1 > > authby=xauthrsasig > > xauth=server > > left=%defaultroute > > leftsubnet=0.0.0.0/0 > > leftcert=serverLupoCert.pem > > right=%any > > rightsubnet=10.0.0.0/24 > > rightsourceip=10.0.0.2 > > rightcert=clientCert.pem > > auto=add > > > I probably need to change left/right subnet and source IPs ? > > > Thanks > > > _______________________________________________ > Users mailing [email protected] > https://lists.strongswan.org/mailman/listinfo/users > > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
