I want to establish a tunnel connection to a remote site that uses IPSec. For the remote site I have:-
For the client site (My site). I provided:-
I managed to configure strongswan and establish tunnel connection but no traffic flow. When I tcpdump traffic passing through UDP port I get the following.
I did PREROUTING and POSTROUTING for incoming and outgoing traffic:-
sudo iptables -t nat -I PREROUTING 1 -s 41.222.176.X/32 -d 137.184.245.X/32 -j DNAT --to-destination 10.124.0.X
sudo iptables -t nat -I PREROUTING 1 -s 41.222.182.X/32 -d 137.184.245.X/32 -j DNAT --to-destination 10.124.0.X
sudo iptables -t nat -I POSTROUTING -s 10.124.0.X/32 -d 41.222.176.X/32 -j SNAT --to-source 137.184.245.X
sudo iptables -t nat -I POSTROUTING -s 10.124.0.X/32 -d 41.222.182.X/32 -j SNAT --to-source 137.184.245.X
Below is my ipsec.conf file:-
config setup
charondebug="all"
uniqueids=never
conn %default
type=tunnel
authby=secret
auto=start
keyexchange=ikev1
dpdaction=restart
closeaction=restart
keyingtries=%forever
ike=aes256-sha1-modp1024!
esp=aes256-sha1!
ikelifetime=86400s
lifetime=3600s
forceencaps=yes
left=%defaultroute
leftid=10.124.0.X
leftsubnet=137.184.245.X/32
right=41.222.182.X
conn test
rightsubnet=41.222.176.X/32
conn live
rightsubnet=41.222.176.X/32
conn rend-1
rightsubnet=41.222.182.X/32
conn rend-2
rightsubnet=41.222.182.X/32
conn rend-3
rightsubnet=41.222.182.X/32
How can I get traffic to flow with this setup or what did I do wrong?
Many thanks for your assistance!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!