Christopher, I believe I am having a problem very similar to yours, so I have been trying to follow the conversation. In the diagram under the "securing a network" section https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan is your problem that moon can ping sun but Alice and Bob can't ping each other? From what I understand, in order for strongSwan to insert the proper firewall rules you have to have "leftfirewall=yes" in ipsec.conf (which from the ipsec.conf you posted it looks like you do); but you still have to put the following lines in your firewall.user file:

iptables -t nat -I POSTROUTING -s 10.1.0.0/16 -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -t nat -I PREROUTING -s 10.2.0.0/16 -i eth0 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -A input_rule -p esp -j ACCEPT
iptables -A input_rule -p udp --dport 500 -j ACCEPT
iptables -A input_rule -p udp --dport 4500 -j ACCEPT

~Josiah S. Yeagley

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

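An added check, not part of the post above or of strongSwan itself: it reads an `iptables-save` dump from stdin and reports which of the five rules Josiah lists are missing, so a gateway can be audited before blaming the tunnel. The chain name `input_rule` and the `eth0`/subnet values follow the post; the sample dump is constructed.

```shell
#!/bin/sh
# Verify that the firewall.user rules needed alongside leftfirewall=yes
# are present in an iptables-save dump (read from stdin).
# Prints "MISSING: <label>" for each absent rule; returns 1 if any is missing.
# iptables-save rewrites "-p udp --dport N" as "-p udp -m udp --dport N",
# so the UDP patterns tolerate the optional "-m udp".
check_ipsec_fw() {
    dump=$(cat)
    missing=0
    while IFS='|' read -r label pattern; do
        [ -z "$label" ] && continue
        if ! printf '%s\n' "$dump" | grep -E -q -e "$pattern"; then
            echo "MISSING: $label"
            missing=1
        fi
    done <<EOF
NAT bypass for outbound IPsec traffic|-A POSTROUTING .*-m policy --dir out --pol ipsec --proto esp -j ACCEPT
NAT bypass for inbound IPsec traffic|-A PREROUTING .*-m policy --dir in --pol ipsec --proto esp -j ACCEPT
ESP accepted on input|-A input_rule -p esp -j ACCEPT
IKE on UDP 500|-A input_rule -p udp( -m udp)? --dport 500 -j ACCEPT
NAT-T on UDP 4500|-A input_rule -p udp( -m udp)? --dport 4500 -j ACCEPT
EOF
    return $missing
}

# Constructed dump in iptables-save format: complete set of rules.
SAMPLE_OK='*nat
-A POSTROUTING -s 10.1.0.0/16 -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A PREROUTING -s 10.2.0.0/16 -i eth0 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
COMMIT
*filter
-A input_rule -p esp -j ACCEPT
-A input_rule -p udp -m udp --dport 500 -j ACCEPT
-A input_rule -p udp -m udp --dport 4500 -j ACCEPT
COMMIT'

# Constructed dump where the two nat-table policy-match rules were never added:
# the tunnel comes up, but traffic between the subnets gets NATed away.
SAMPLE_NO_NAT='*filter
-A input_rule -p esp -j ACCEPT
-A input_rule -p udp -m udp --dport 500 -j ACCEPT
-A input_rule -p udp -m udp --dport 4500 -j ACCEPT
COMMIT'

# Stand-alone demo: on a live box use `iptables-save | check_ipsec_fw` instead.
printf '%s\n' "$SAMPLE_NO_NAT" | check_ipsec_fw
```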