On 12/09/2014 02:24 PM, Hasse Hagen Johansen wrote:
> So I have these rules:
>
> Chain zone_wan (1 references)
> target          prot opt source          destination
> ACCEPT          udp  --  0.0.0.0/0       0.0.0.0/0    udp dpt:68
> ACCEPT          icmp --  0.0.0.0/0       0.0.0.0/0    icmp type 8
> ACCEPT          udp  --  0.0.0.0/0       0.0.0.0/0    udp dpt:500
> ACCEPT          udp  --  0.0.0.0/0       0.0.0.0/0    udp dpt:4500
> ACCEPT          tcp  --  192.168.100.50  0.0.0.0/0    tcp dpt:53
> ACCEPT          udp  --  192.168.100.50  0.0.0.0/0    udp dpt:53
> input_wan       all  --  0.0.0.0/0       0.0.0.0/0
> zone_wan_REJECT all  --  0.0.0.0/0       0.0.0.0/0
>
> I did this as a quick fix because I couldn't figure out how to match the
> vpn client as source. Is there any way to match packages coming from
> the vpn clients?

Yes, try "-m policy --dir in --pol ipsec" as the matching criterion. You
can also combine it with other criteria.

HTH,
Simon
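
An added example, not part of the original thread or of strongSwan: a shell function that prints iptables commands using the policy match suggested above, optionally combined with a source address. The function name is hypothetical; the chain name, port and address are taken from the listing in the question.

```shell
#!/bin/sh
# Added example. The two DNS rules in the question accept on source address
# alone, so any packet arriving in zone_wan with that source address matches,
# whether or not it came through the tunnel. The policy match accepts only
# packets that were decapsulated by an inbound IPsec policy.

# ipsec_dns_rules CHAIN [SOURCE]   (hypothetical helper name)
# Prints one iptables command per protocol. Review the output, then run the
# commands as root (for example by piping them to sh).
ipsec_dns_rules() {
    chain=$1
    src=${2:-}
    for proto in tcp udp; do
        # Build the command as positional parameters so quoting stays simple.
        set -- iptables -I "$chain" 1 -p "$proto" --dport 53
        # Optional extra criterion combined with the policy match.
        if [ -n "$src" ]; then
            set -- "$@" -s "$src"
        fi
        set -- "$@" -m policy --dir in --pol ipsec -j ACCEPT
        echo "$*"
    done
}

# Policy match only: any client that arrived through an IPsec tunnel.
ipsec_dns_rules zone_wan

# Policy match combined with the address used in the original quick fix.
ipsec_dns_rules zone_wan 192.168.100.50
```

Once the policy-matched rules are in place, the two source-only ACCEPT rules for port 53 can be deleted from the chain.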