Noel Kuntze
Thank you for your reply.
Now Internal computers (10.10.10.24) can access 192.168.1.1 and the
IP -192.168.1.1 can access internal computers too .
Just only the VPN user cannot access internet via 59.37.a.b
Is the ip route and iptables command is issue the communication of
internal and vpn among ?
-----邮件原件-----
发件人: Noel Kuntze [mailto:n...@familie-kuntze.de]
发送时间: 2014年2月19日 21:57
收件人: Huang, Zhenxing
抄送: users@lists.strongswan.org
主题: Re: [strongSwan] VPN user use internet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Huang,
That probably is an issue with the computers on your internal network not
having a route to the VPN user's subnet.
One solution to that is to install a route to 192.168.1.0/24 via 10.10.10.254
(your strongswan box) on the default router of the internal network.
The command for the route would be like this:
ip route add 192.168.1.0/24 via 10.10.10.254
Note that this has to be run on the default router of the 10.10.10.0/24 network!
Another solution is to NAT the VPN user's IPs on the strongSwan host towards
the internal network.
A command for that could be: iptables -I POSTROUTING -t nat -s 192.168.1.1/24
-d 10.10.10.0/24 -j MASQUERADE
There is more information about this on the strongSwan website:
http://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
Regards
Noel Kuntze
On 19.02.2014 14:48, Huang, Zhenxing wrote:
>
> HI.guy
>
> Our network is
>
> internal(10.10.10.0/24)---------( 10.10.10.254) strongswan
> (59.37.a.b)------------- internet ------------ vpn user(VPN IP : 192.168.1.1)
>
> Now the vpn user can access internal resource ; but it can’t access internet。
>
>
> How to setup the route ?
>
>
> Thank you a lot !
>
>
>
> _______________________________________________
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJTBLgaAAoJEDg5KY9j7GZYwEAP/1RyeC2ZGZFnyfO2aLxGQDp+
4J0oQ7GD0R65U9S2lnlXueWBF8mH0jqXMfCA9dfzAy7wlxZIaZNAsI6sP4buiDWi
SmAxYSmlnY9ZnskmXd9KLoIKlNh6TP5SuDmxQGcNN+Cda3t09lcz3wC68wb2QEjO
LWyu/MxJGvrG4pIO5CIzEAbr0VfyE5UoC21jaRJ716Sf82o4H9a1YM03bmGvQjTA
OmmJxvOhMo2NGMOggxnTw72zx0Dclde5I/279hRwDZe5hLX7et11vLQkWpM1OKwI
9iSXJDV6iIT8bQgS1Z3pNwHN/oBGP7DcHiNwm6OU/EfnL+QWgGimyAqM5TujsFCG
Dt0x2jAYbZISoRlUkhmnqgZdSdUZMlKliGHRpZAc7XC6iHd8qdgz9F+Ru8xfOzgo
2XOlOvqMb2l167DPMvB23JSyGOn+B8GvCkuHXhVEH1YGQovk/hvMRoTtto03oUtE
EA6FTixoXQ+44lKMlywd9hGft1X7+vnkU6PKcWjkyFTHYCs4PfYkoeoSuZyiKH5c
WjK1t04fuLOfwIP+Ilr+txhovssBbccm1Zrndx7cqYNk1mJ7Z2f2AxwOBwQ8Cv5M
JS2j5y6hMDtaRYaI/eeFa0gsO26cyqTnEl+2I5T/4Yxmo8xvVPQ+HSxkU4m6PVaA
y+LLr9gAW8tvVGGR4MQu
=gc5P
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
