Hi,

> iptables -A PREROUTING -p 50 -d $EXTIP -j DNAT --to-destination 192.168.7.1
> iptables -A PREROUTING -p 51 -d $EXTIP -j DNAT --to-destination 192.168.7.1

You probably won't need ESP/AH forwarding rules, as in your NAT situation all traffic is UDP encapsulated over ports 500/4500.

> and ipsec statusall is:
> Security Associations (0 up, 0 connecting):

Your "ipsec statusall" shows no active connections. No client currently connected?

> The problem that I have is that I am able to ping the network computers
> (i.e. 192.168.7.5) but I am unable to ping the gateway itself
> (192.168.7.1).

If pinging the LAN hosts works, your IPsec policies get negotiated correctly. It is likely that your routing or firewall configuration drops packets. If you ping your internal gateway address, do you see incoming packets when sniffing on your gateway? Do you see ESP packets leaving?

> 192.168.7.0 * 255.255.255.0 U 0 0 0 br-lan

strongSwan installs a route to table 220 (ip route show table 220), which should go over your Sky router. It overrides the LAN route to your DHCP-assigned road-warrior IP. Can you confirm this route gets installed correctly?

Regards
Martin
