Hello Tobias,
Indeed there is. When I added the rule:
iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
right before MASQUERADE, to prevent masquerading of the flow that is supposed
to go via the VPN, it all suddenly started working.
Thank you very much for pointing me in the right direction.
On 5/2/2016 14:19, Tobias Brunner wrote:
Hi Lukas,
But when I ping a host that is obviously running and has a firewall
with an any/any allow rule:
# ping 192.168.1.54
PING 192.168.1.54 (192.168.1.54): 56 data bytes
^C
--- 192.168.1.54 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss
#
when I run tcpdump on the same system I can see:
# tcpdump -i any -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
12:47:09.671920 IP 1.2.3.4 > 192.168.1.54: ICMP echo request, id 8565, seq 0, length 64
Any NAT configured on this host (e.g. from 192.168.1.0/24 to 1.2.3.4)?
If so, have a look at [1].
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
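The rule ordering discussed in this thread can be checked without touching a live box. The POSIX shell below is an added example, not code from the thread or from strongSwan: it walks a `iptables -t nat -S POSTROUTING` style dump in first-match order and reports which target a given source/destination pair hits. The two chains are constructed samples (one with only MASQUERADE, one with the ACCEPT exception inserted before it); the `-o` interface match is deliberately not modelled.

```shell
#!/bin/sh
# Constructed sample dumps in `iptables -t nat -S POSTROUTING` format (not from the thread).
BROKEN_CHAIN='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE'

FIXED_CHAIN='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE'

# ip2int A.B.C.D -> prints the address as a 32-bit integer.
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_prefix ADDR NET/LEN -> exit 0 if ADDR lies inside the IPv4 prefix.
in_prefix() {
  addr=$(ip2int "$1")
  net=$(ip2int "${2%/*}")
  case $2 in */*) len=${2#*/} ;; *) len=32 ;; esac
  [ "$len" -eq 0 ] && return 0
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# nat_verdict CHAIN SRC DST -> prints the target of the first matching -A rule,
# or NONE when no rule matches (i.e. no NAT is applied to that flow).
# Only -s, -d and -j are interpreted; -o and other matches are treated as wildcards.
nat_verdict() {
  chain=$1 s=$2 d=$3
  hit=$(printf '%s\n' "$chain" | while read -r line; do
    case $line in -A*) ;; *) continue ;; esac
    set -- $line
    src=0.0.0.0/0 dst=0.0.0.0/0 target=
    while [ $# -gt 0 ]; do
      case $1 in -s) src=$2; shift ;; -d) dst=$2; shift ;; -j) target=$2; shift ;; esac
      shift
    done
    if in_prefix "$s" "$src" && in_prefix "$d" "$dst"; then
      printf '%s\n' "$target"; break   # first match wins, as in netfilter
    fi
  done)
  printf '%s\n' "${hit:-NONE}"
}

# A packet from the local LAN to the VPN-side LAN: MASQUERADE before the fix, ACCEPT after.
printf 'broken: %s\n' "$(nat_verdict "$BROKEN_CHAIN" 192.168.2.10 192.168.1.54)"
printf 'fixed:  %s\n' "$(nat_verdict "$FIXED_CHAIN" 192.168.2.10 192.168.1.54)"
```

Run the same check against the real output of `iptables -t nat -S POSTROUTING` to confirm the exception sits above the MASQUERADE rule for every subnet the tunnel should carry.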