StrongSwan Connected but No Internet on Android

Posted on July 7, 2021

As I was following this tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2 and I did every step exactly as described in the tutorial, I can connect to StrongSwan (tested on Android) but there is no INTERNET!!!

There is no log, no nothing, and firewall/NAT are exactly the same as the tutorial. Any idea?!




Heya @tachraweb,

If you’ve set up a StrongSwan VPN server as per the DigitalOcean tutorial and you can connect to it but don’t have internet access, there might be a few areas to check and troubleshoot. The issue could be related to IP forwarding, firewall rules, or DNS configuration. Here are some steps you can take to diagnose and fix the problem:

1. Check IP Forwarding: Ensure that IP forwarding is enabled on your VPN server. This setting allows your server to forward packets between the VPN clients and the internet.
   - Check the current setting with:

     ```
     sysctl net.ipv4.ip_forward
     ```

     It should return `net.ipv4.ip_forward = 1`. If not, enable it by editing `/etc/sysctl.conf` and adding or uncommenting:

     ```
     net.ipv4.ip_forward=1
     ```

     and apply the changes:

     ```
     sudo sysctl -p
     ```

2. Review Firewall Rules: Incorrect or missing firewall rules can prevent VPN clients from accessing the internet. Make sure your iptables rules are set up correctly for NAT.
   - The tutorial provides this command to configure iptables for NAT:

     ```
     sudo iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
     ```

   - Ensure that the subnet (`10.10.10.0/24`) matches your VPN’s subnet and `eth0` is your server’s external network interface. Adjust them if necessary.
   - To persist iptables rules across reboots, you might need to save them. This can be done with:

     ```
     sudo netfilter-persistent save
     ```

3. DNS Configuration: Sometimes the issue is related to DNS. Make sure your VPN configuration is providing a valid DNS server to the clients.
   - This can be set in the VPN configuration file (`ipsec.conf` or similar). Look for a line that sets DNS servers and make sure it’s a valid DNS provider.

4. Check VPN Logs: If the issue persists, checking logs can provide more insight.
   - You can view StrongSwan’s logs with:

     ```
     sudo tail -f /var/log/syslog | grep charon
     ```

5. Client Configuration:
   - Ensure that the VPN client configuration matches the server’s settings. Sometimes, issues can arise due to mismatches in configuration between the server and client.

6. Firewall Configuration on the Server:
   - If you have a firewall running on your server (like ufw), make sure it’s not blocking the necessary VPN and internet traffic.
   - You can check your current ufw status with:

     ```
     sudo ufw status
     ```

   - Ensure that you allow traffic through the VPN tunnel and NAT.

7. Network Interface Configuration:
   - Ensure that the network interface mentioned in your NAT rule (e.g., `eth0`) is indeed the correct external interface. Use `ip addr` to check your interfaces.

After making any changes, it’s important to restart the StrongSwan service and possibly your server to ensure all settings are correctly applied. If the problem persists after these checks, you might need to dig deeper into the specific configuration and logs to identify the issue.
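
Added example, not part of the original answer: a POSIX shell script that ties together the IP forwarding, NAT rule and network interface checks above by comparing the MASQUERADE rule's subnet and `-o` interface with the interface of the default route. The function names, the `--live` switch and the sample rule and route text are constructed for illustration; `10.10.10.0/24` is the subnet from the tutorial's rule.

```sh
#!/bin/sh
# Added example (not from the original answer): cross-check the IP forwarding,
# NAT rule and external interface. Sample inputs are constructed, not captured.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE'
SAMPLE_ROUTE='default via 203.0.113.1 dev ens3 proto static'

# Interface of the default route, parsed from `ip route show default` output.
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Egress interface of the MASQUERADE rule for subnet $2, parsed from
# `iptables -t nat -S POSTROUTING` output ($1). Prints "*" if the rule has no -o.
masq_iface() {
    printf '%s\n' "$1" | awk -v subnet="$2" '/-j MASQUERADE/ {
        src = ""; out = "*"
        for (i = 1; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-o") out = $(i + 1)
        }
        if (src == subnet) { print out; exit } }'
}

# check_nat RULES ROUTES SUBNET IP_FORWARD: prints a verdict, returns 0 if consistent.
check_nat() {
    [ "$4" = "1" ] || { echo "net.ipv4.ip_forward is not 1"; return 1; }
    nat_want=$(default_iface "$2")
    nat_have=$(masq_iface "$1" "$3")
    [ -n "$nat_have" ] || { echo "no MASQUERADE rule for $3"; return 1; }
    if [ "$nat_have" != "*" ] && [ "$nat_have" != "$nat_want" ]; then
        echo "MASQUERADE rule uses $nat_have but default route uses $nat_want"
        return 1
    fi
    echo "ok"
}

# Live check on the VPN server: sh check_nat.sh --live [vpn-subnet]
if [ "${1:-}" = "--live" ]; then
    check_nat "$(sudo iptables -t nat -S POSTROUTING)" "$(ip route show default)" \
        "${2:-10.10.10.0/24}" "$(sysctl -n net.ipv4.ip_forward)"
fi
```

With the constructed sample, the rule names `eth0` while the default route leaves through `ens3`, which is the "connected but no internet" mismatch the interface check is meant to catch.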
