Hi, I'm new to strongSwan and ran into issues setting up my IPsec VPN for roaming iOS clients. They need to have access to systems on the LAN while traveling, and here is what I've got:

    LAN 192.168.10.0/24 ---- eth0 192.168.10.231 SERVER 64.xxx.xxx.200 eth1 ---- internet ---- client (iPhone)

I have a LAN with the 192.168.10.0/24 range. There is a CentOS 6 server which has two interfaces: LAN and WAN. It is not a router; it is a dedicated system for the VPN. I've followed the guide http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) but after completing the configuration I am unable to ping anything. iOS reports that the VPN connection is established, but I can't ping either the LAN IP of the VPN server from the phone or the phone IP from the VPN server.

Here is my ipsec.conf:

    config setup
        plutostart=yes
        nat_traversal=yes

    conn ios
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        leftcert=serverCert.pem
        right=%any
        rightsubnet=192.168.200.0/24
        rightsourceip=192.168.200.2
        rightcert=user1.pem
        pfs=no
        auto=add

I have iptables enabled on the system. INPUT is DROP by default and OUTPUT is ACCEPT by default. I've added the following rules to my iptables:

    -A FIREWALL -i eth1 -p esp -j ACCEPT
    -A FIREWALL -i eth1 -p udp -m udp --dport 500 -j ACCEPT
    -A FIREWALL -i eth1 -p udp -m udp --dport 4500 -j ACCEPT
    -t nat -A POSTROUTING -o eth1 -s 192.168.200.0/24 -j MASQUERADE

So here are my questions:

1. What did I miss in order to set up this VPN connection?
2. When I disconnect with the iOS device, I'm not able to reconnect unless I restart strongSwan.
3. How can I modify this configuration to allow multiple clients to connect?

Regards,
Sasha

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
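The firewall side of a setup like the one in the post, as an added example that is not part of the original message or of strongSwan: a POSIX shell audit that reads an iptables-save dump plus the net.ipv4.ip_forward value and reports which of the things an IPsec gateway needs in order to forward a virtual address pool into the LAN are present. The pool 192.168.200.0/24 and the interface roles (eth0 LAN side, eth1 WAN side) are taken from the post; the embedded dump is constructed to mirror the quoted rules, and its chain wiring and the DROP policy on FORWARD are assumptions of this example. The FORWARD and LAN-side SNAT checks reflect what IP forwarding between the pool and the LAN requires in general, not anything the post states about this server.

```shell
#!/bin/sh
# Audit an iptables-save dump for what an IPsec gateway needs in order to
# forward a roaming client's virtual pool address into the LAN.
# Values below are taken from the post; eth0 = LAN side, eth1 = WAN side.
POOL="192.168.200.0/24"
LAN_IF="eth0"
WAN_IF="eth1"

# Constructed sample dump in iptables-save format. It mirrors the rules quoted
# in the post; the FIREWALL chain wiring and the DROP policy on FORWARD are
# assumptions, not something the post states.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FIREWALL - [0:0]
-A INPUT -j FIREWALL
-A FIREWALL -i eth1 -p esp -j ACCEPT
-A FIREWALL -i eth1 -p udp -m udp --dport 500 -j ACCEPT
-A FIREWALL -i eth1 -p udp -m udp --dport 4500 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.200.0/24 -o eth1 -j MASQUERADE
COMMIT'

# has_rule DUMP REGEX: succeeds if some line of DUMP matches the extended regex.
has_rule() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# report LABEL RESULT: prints "OK" (RESULT 0) or "MISSING" for one requirement.
report() { if [ "$2" -eq 0 ]; then echo "OK      $1"; else echo "MISSING $1"; fi; }

# rule_status LABEL REGEX: requirement met if a matching rule exists in $DUMP.
rule_status() {
  if has_rule "$DUMP" "$2"; then report "$1" 0; else report "$1" 1; fi
}

# forward_status LABEL REGEX: an ACCEPT policy on FORWARD also satisfies it.
forward_status() {
  if has_rule "$DUMP" '^:FORWARD ACCEPT' || has_rule "$DUMP" "$2"; then
    report "$1" 0
  else
    report "$1" 1
  fi
}

# audit DUMP IP_FORWARD: one line per requirement, always exits 0.
audit() {
  DUMP="$1"
  if [ "$2" = "1" ]; then report "net.ipv4.ip_forward=1" 0; else report "net.ipv4.ip_forward=1" 1; fi
  rule_status "IKE udp/500 accepted on $WAN_IF" \
    "^-A [A-Za-z0-9_-]+ -i $WAN_IF -p udp -m udp --dport 500 -j ACCEPT"
  rule_status "NAT-T udp/4500 accepted on $WAN_IF" \
    "^-A [A-Za-z0-9_-]+ -i $WAN_IF -p udp -m udp --dport 4500 -j ACCEPT"
  rule_status "ESP accepted on $WAN_IF" \
    "^-A [A-Za-z0-9_-]+ -i $WAN_IF -p esp -j ACCEPT"
  forward_status "FORWARD allows traffic from pool $POOL" \
    "^-A FORWARD .*-s $POOL .*-j ACCEPT"
  forward_status "FORWARD allows traffic back to pool $POOL" \
    "^-A FORWARD .*-d $POOL .*-j ACCEPT"
  rule_status "pool masqueraded towards the internet on $WAN_IF" \
    "^-A POSTROUTING (-s $POOL -o $WAN_IF|-o $WAN_IF -s $POOL) -j MASQUERADE"
  rule_status "pool SNATed towards the LAN on $LAN_IF (else LAN hosts need a route to the pool)" \
    "^-A POSTROUTING (-s $POOL -o $LAN_IF|-o $LAN_IF -s $POOL) -j (MASQUERADE|SNAT)"
  return 0
}

# count_missing DUMP IP_FORWARD: number of unmet requirements.
count_missing() { audit "$1" "$2" | grep -c '^MISSING' || true; }

# Stand-alone run against the constructed sample.
audit "$SAMPLE_DUMP" 1
```

On a real gateway run it as `audit "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)"`. Two points the checks encode: packets from the pool to 192.168.10.0/24 leave through the LAN interface, so a MASQUERADE bound to the WAN interface only covers internet-bound traffic, and with leftfirewall=yes strongSwan's updown script inserts its own FORWARD rules per established connection, so the FORWARD lines are expected to appear only while a tunnel is up.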