Hello,

I'm new to Strongswan (and to networking/VPNs in general) so I suspect this is a standard problem with answers all over the internet which I am unable to find due to my inexperience. If so, feel free to yell at me about better places to look and I can move on. :)

My basic setup is that I have a Linux HOST that connects to a VPN. Inside the VPN the HOST is assigned another address. Inside the network there is static routing between the internal address and another internal subnet that I would like to reach from the outside. I'll put some numbers in to make it concrete:

* VPN Server IP: 10.130.16.148 (don't think this is important for my questions)
* External HOST IP: 10.122.1.94
* Internal VPN IP: 10.37.1.94
* Internal Target Subnet: 10.108.88.0/24

So I think what I want is for packets originating on HOST with source IP 10.122.1.94 and target IP (say) 10.108.88.39 to get sent over the tunnel, the source IP to be changed to 10.37.1.94, then forwarded through by regular routing, and finally I want the same thing to happen in reverse. I have tried many different settings, one example being the following (I removed settings that I think aren't relevant):

        IPSEC_REMOTE_IPADDR=10.130.16.148
        IPSEC_REMOTE_NETWORK=10.108.88.0
        IPSEC_REMOTE_NETMASK=255.255.255.0
        IPSEC_LOCAL_NETWORK=10.37.1.94
        IPSEC_LOCAL_NETMASK=255.255.255.255

The connection starts up fine, but when I try something like

        telnet 10.108.88.39 5000

then it just times out. I have tried many other variations of various settings, but I think I'm just sort of throwing things at the wall hoping they will stick (a strategy of questionable wisdom).

I believe my problem is that I am incorrectly setting up routing/NAT. Can anyone here see easily what I'm doing wrong? Is this sort of thing something that I can set up out of the box with Strongswan or would I need to do some NAT by hand? (I believe that I can do something similar here with iptables, but like I said I'm new to all this stuff.)

Let me know if my question is unclear. Thanks a lot for any help!

Cheers,
Thomas
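As an added illustration (not part of Thomas's message, and not necessarily what his wrapper-script variables translate to), here is how the same setup is usually expressed directly in strongSwan's ipsec.conf. The addresses are the ones from the message; the pre-shared-key authentication, the connection name and the interface name are assumptions, and it assumes the VPN server hands out the internal address 10.37.1.94 over IKE (mode config / configuration payload). The relevant point is `leftsourceip`: when charon receives the virtual IP it installs it on the host and adds a route for the remote subnet in routing table 220 with that address as the preferred source, so packets to 10.108.88.0/24 already leave with source 10.37.1.94 and match the IPsec policy. No separate iptables SNAT is needed for that; a packet sent with source 10.122.1.94 would simply not match the policy and would go out in the clear (and time out), which is the failure mode to check for first.

```conf
# /etc/ipsec.conf  (added example, not from the original message)
config setup

conn internal-subnet            # assumed connection name
    keyexchange=ikev2
    authby=psk                   # assumed; PSK goes in /etc/ipsec.secrets
    left=10.122.1.94             # external HOST address
    leftid=10.122.1.94
    leftsourceip=%config         # ask the server for the virtual IP (expect 10.37.1.94);
                                 # leftsubnet then defaults to that virtual IP
    right=10.130.16.148          # VPN server
    rightid=10.130.16.148
    rightsubnet=10.108.88.0/24   # internal target subnet reachable through the tunnel
    auto=start
```

After `ipsec up internal-subnet`, `ip addr show` should list 10.37.1.94 on the interface, `ip route show table 220` should show `10.108.88.0/24 ... src 10.37.1.94`, and `ip xfrm policy` should show an `out` policy `src 10.37.1.94/32 dst 10.108.88.0/24`. If the server assigns the address but no such route appears (for example because route installation was disabled in charon's configuration), the equivalent manual step is a route for 10.108.88.0/24 with `src 10.37.1.94`, again without any NAT.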
