Hi,

Looking for some help setting up my first strongSwan VPN server, and having some iptables lack-of-knowledge issues.
I've an Ubuntu 16.04 server with the strongswan 5.3.5 packages installed. The plan is to have external users connect to the server via a public IP address from outside the university and enter the campus network via our Checkpoint firewall on a 172.18.64.0/24 IP address. Client devices are assigned an IP address by the VPN server, e.g.

    outside world --> <144.32.x.y> (interface ens1f0) || VPN server || 10.16.35.121 (interface ens1f1) -------|| campus firewall ||---- 144.32/0/0/16

netstat -nr on the server gives

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags MSS Window  irtt Iface
    0.0.0.0         144.32.128.1    0.0.0.0         UG      0 0          0 ens1f0
    10.16.35.120    0.0.0.0         255.255.255.248 U       0 0          0 ens1f1
    144.32.128.0    0.0.0.0         255.255.254.0   U       0 0          0 ens1f0

So all traffic destined for the campus network needs to go down the ens1f1 interface.

I've set up my own updown script, which I know is being invoked, but I'm not sure if I've got the correct stuff in it. I can connect to the VPN server and ping 10.167.35.120 and 10.16.35.126, which is the campus firewall endpoint, and that works.

When connected, iptables -S shows

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A FORWARD -s 172.18.64.1/32 -i ens1f1 -j ACCEPT
    -A FORWARD -d 172.18.64.1/32 -o ens1f1 -j ACCEPT
    ...

or is this too simplistic a set of rules?

Rgds
Alex
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
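An added example, not Alex's script and not strongSwan's own _updown, of a minimal updown script for the topology in the post: it forwards only between a client's assigned 172.18.64.0/24 address and the campus network over ens1f1, and only for packets that came in through (or will go out through) the IPsec tunnel. It assumes the campus range is 144.32.0.0/16 and that strongSwan's standard PLUTO_VERB and PLUTO_PEER_CLIENT environment variables are passed to the script.

```shell
#!/bin/sh
# Added example updown script for the topology in the post (not from the
# original post or from strongSwan). Assumptions: inside interface ens1f1,
# campus network 144.32.0.0/16, virtual IP pool 172.18.64.0/24.
# PLUTO_INTERFACE is the interface IKE arrived on (ens1f0 here), so the
# inside interface is fixed in the script rather than taken from strongSwan.
INSIDE_IF=ens1f1
CAMPUS_NET=144.32.0.0/16

# build_rules <PLUTO_VERB> <client /32>: print the iptables commands for this
# event, one per line. Insert on up-client, delete on down-client, nothing else.
# "-m policy --pol ipsec" limits the FORWARD rules to packets that were
# decapsulated from the tunnel (--dir in) or will be encapsulated into it
# (--dir out), so a spoofed plaintext 172.18.64.x packet is not forwarded.
build_rules() {
    verb="$1"
    client="$2"
    case "$verb" in
        up-client)   op="-I" ;;
        down-client) op="-D" ;;
        *)           return 0 ;;
    esac
    # client -> campus: decrypted packet leaving via the inside interface
    printf 'iptables %s FORWARD -s %s -d %s -o %s -m policy --dir in --pol ipsec -j ACCEPT\n' \
        "$op" "$client" "$CAMPUS_NET" "$INSIDE_IF"
    # campus -> client: reply arriving on the inside interface, to be encrypted
    printf 'iptables %s FORWARD -s %s -d %s -i %s -m policy --dir out --pol ipsec -j ACCEPT\n' \
        "$op" "$CAMPUS_NET" "$client" "$INSIDE_IF"
}

# strongSwan sets PLUTO_VERB (up-client, down-client, ...) and PLUTO_PEER_CLIENT
# (the client's virtual IP as a /32) when it invokes the script; run the rules
# only in that case, so sourcing the file for inspection changes nothing.
# Forwarding also needs sysctl net.ipv4.ip_forward=1 on the server.
if [ -n "${PLUTO_VERB:-}" ]; then
    build_rules "$PLUTO_VERB" "$PLUTO_PEER_CLIENT" | sh -e
fi
```

With the default FORWARD policy left at ACCEPT, as in the iptables -S output above, per-client rules permit nothing that was not already allowed; setting -P FORWARD DROP is what gives them any effect.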
