I have some news: it looks like originally the connection wasn't really establishing. What I did to solve it was removing the pool. Now the connection works correctly, but the only thing I'm missing is setting our company DNS. As you can see, on that pool I tried setting those DNS servers (it forces me to set the "addrs" value, which I really don't need).
What should be the correct way to set DNS? I have no idea why the connection fails with that pool.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, March 28, 2019 3:25 PM, xalloc <[email protected]> wrote:

> Sorry if I didn't explain this part properly in the OP, the gateway is a
> hardware firewall. We use its IPSEC.
> So no way to set that system value.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday 28 March 2019 16:13, Brian Colby <[email protected]> wrote:
>
>> Did you add “sysctl net.ipv4.ip_forward=1” on the gateway, as described on
>> the page I sent?
>>
>> On Mar 28, 2019, at 02:23, xalloc <[email protected]> wrote:
>>
>>> Do you mean forwarding client-side? I can't set that up, clients use both
>>> Windows and Linux, I need to provide them only the strongswan
>>> configuration. Everything should be handled only by Strongswan and the
>>> Gateway.
>>>
>>> Am I missing something on the page you linked?
>>>
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> On Wednesday 27 March 2019 17:25, Brian Colby <[email protected]> wrote:
>>>
>>>> Hi Xalloc,
>>>>
>>>> If you’re connecting but not passing traffic, you may not have forwarding
>>>> set up properly. Have you checked out this page?
>>>> https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
>>>>
>>>> R/s,
>>>> Brian
>>>>
>>>> On Mar 27, 2019, at 02:48, xalloc <[email protected]> wrote:
>>>>
>>>>> Any kind soul please?
>>>>>
>>>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>>>> March 18 2019 10:18, xalloc <[email protected]> wrote:
>>>>>
>>>>>> Hello, I'm setting up a swanctl configuration file to connect to my
>>>>>> company VPN but I'm missing something.
>>>>>
>>>>>> [...]
>>>>>
>>>>>> From those messages it seems it can connect, but when I ping something (even
>>>>>> DNS) nothing works.
