I want to establish a tunnel connection to a remote site that uses IPSec. For the remote site I have:-
For the client site (my site) I provided:-
I managed to configure strongSwan and establish the tunnel connection, but no traffic flows. When I tcpdump the traffic passing through the UDP port I get the following.
I did PREROUTING and POSTROUTING for incoming and outgoing traffic:-
sudo iptables -t nat -I PREROUTING 1 -s 41.222.176.X/32 -d 137.184.245.X/32 -j DNAT --to-destination 10.124.0.X
sudo iptables -t nat -I PREROUTING 1 -s 41.222.182.X/32 -d 137.184.245.X/32 -j DNAT --to-destination 10.124.0.X
sudo iptables -t nat -I POSTROUTING -s 10.124.0.X/32 -d 41.222.176.X/32 -j SNAT --to-source 137.184.245.X
sudo iptables -t nat -I POSTROUTING -s 10.124.0.X/32 -d 41.222.182.X/32 -j SNAT --to-source 137.184.245.X
Below is my ipsec.conf file:-
config setup
    charondebug="all"
    uniqueids=never

# settings shared by every conn below
conn %default
    type=tunnel
    authby=secret
    auto=start
    keyexchange=ikev1
    dpdaction=restart
    closeaction=restart
    keyingtries=%forever
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    ikelifetime=86400s
    lifetime=3600s
    forceencaps=yes
    left=%defaultroute
    leftid=10.124.0.X
    # public address that the NAT rules map to/from 10.124.0.X
    leftsubnet=137.184.245.X/32
    right=41.222.182.X

# each conn only adds its remote subnet
conn test
    rightsubnet=41.222.176.X/32

conn live
    rightsubnet=41.222.176.X/32

conn rend-1
    rightsubnet=41.222.182.X/32

conn rend-2
    rightsubnet=41.222.182.X/32

conn rend-3
    rightsubnet=41.222.182.X/32
How can I get traffic to flow with this setup, or what did I do wrong?
Many thanks for your assistance!
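The script below is an added example, not code from the question or from strongSwan. It parses an ipsec.conf the way strongSwan lays it out (section headers in column 0, indented parameters, settings inherited from conn %default), then does two checks that are useful before touching the tunnel itself: it lists conns that resolve to the same leftsubnet/rightsubnet pair (several conns describing the same traffic), and for every conn it checks that a PREROUTING DNAT rule matches inbound packets (source = rightsubnet, destination = leftsubnet) and a POSTROUTING SNAT rule rewrites outbound packets for rightsubnet to leftsubnet's address. The sample config and NAT rules are constructed to mirror the posted ones; the last octets (masked as X in the question) are made up, and the SNAT rule for one conn is left out on purpose so the report shows what a gap looks like.

```python
"""Cross-check a strongSwan ipsec.conf against the iptables NAT rules
that are meant to feed its tunnels (added example; the sample data below
is constructed, not taken from a real host)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample modelled on the posted config; last octets are made up.
SAMPLE_IPSEC_CONF = """\
config setup
    charondebug="all"
    uniqueids=never
conn %default
    type=tunnel
    authby=secret
    keyexchange=ikev1
    left=%defaultroute
    leftid=10.124.0.11
    leftsubnet=137.184.245.11/32
    right=41.222.182.7
conn test
    rightsubnet=41.222.176.5/32
conn live
    rightsubnet=41.222.176.5/32
conn rend-1
    rightsubnet=41.222.182.7/32
"""

# Constructed NAT rules in the same shape as the posted ones.
# The SNAT rule for rend-1 is deliberately missing.
SAMPLE_NAT_RULES = [
    "iptables -t nat -I PREROUTING 1 -s 41.222.176.5/32 -d 137.184.245.11/32 -j DNAT --to-destination 10.124.0.11",
    "iptables -t nat -I POSTROUTING -s 10.124.0.11/32 -d 41.222.176.5/32 -j SNAT --to-source 137.184.245.11",
    "iptables -t nat -I PREROUTING 1 -s 41.222.182.7/32 -d 137.184.245.11/32 -j DNAT --to-destination 10.124.0.11",
]


def parse_ipsec_conf(text):
    """Return {conn_name: {param: value}} with conn %default merged in.
    Section headers start in column 0, parameters are indented, '#' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():                      # "conn name" / "config setup"
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
            continue
        key, _, value = line.strip().partition("=")
        if current is not None and value:
            current[key.strip()] = value.strip()
    default = sections.get(("conn", "%default"), {})
    return {name: {**default, **params}
            for (kind, name), params in sections.items()
            if kind == "conn" and name != "%default"}


def duplicate_selectors(conns):
    """Selector pairs used by more than one conn -> list of those conns."""
    by_pair = defaultdict(list)
    for name, p in conns.items():
        by_pair[(p.get("leftsubnet"), p.get("rightsubnet"))].append(name)
    return {pair: names for pair, names in by_pair.items() if len(names) > 1}


_OPT = re.compile(r"(?:^|\s)(-s|-d|-j|--to-destination|--to-source)\s+(\S+)")


def parse_nat_rules(rules):
    """Extract chain plus the handful of options the check needs."""
    parsed = []
    for rule in rules:
        chain = next((c for c in ("PREROUTING", "POSTROUTING") if f" {c} " in rule), None)
        parsed.append({"chain": chain, **dict(_OPT.findall(rule))})
    return parsed


def _same_net(a, b):
    """Compare two prefixes; a bare address counts as /32."""
    if not a or not b:
        return False
    return ipaddress.ip_network(a, strict=False) == ipaddress.ip_network(b, strict=False)


def nat_coverage(conns, nat_rules):
    """Per conn: is there an inbound DNAT and an outbound SNAT for its selectors?"""
    rules, report = parse_nat_rules(nat_rules), {}
    for name, p in conns.items():
        left, right = p.get("leftsubnet"), p.get("rightsubnet")
        dnat = any(r["chain"] == "PREROUTING" and r.get("-j") == "DNAT"
                   and _same_net(r.get("-s"), right) and _same_net(r.get("-d"), left)
                   for r in rules)
        snat = any(r["chain"] == "POSTROUTING" and r.get("-j") == "SNAT"
                   and _same_net(r.get("-d"), right)
                   and _same_net(r.get("--to-source"), left)
                   for r in rules)
        report[name] = {"dnat": dnat, "snat": snat}
    return report


if __name__ == "__main__":
    conns = parse_ipsec_conf(SAMPLE_IPSEC_CONF)
    for pair, names in duplicate_selectors(conns).items():
        print(f"conns {names} share selectors {pair}")
    for name, cov in nat_coverage(conns, SAMPLE_NAT_RULES).items():
        print(f"{name}: DNAT={'ok' if cov['dnat'] else 'MISSING'} "
              f"SNAT={'ok' if cov['snat'] else 'MISSING'}")
```

Run it with python3 against a copy of the real ipsec.conf and the real rule list. In the posted config, test/live and rend-1/2/3 resolve to identical selector pairs, which is exactly what the first check surfaces; which of those conns actually owns the installed kernel policy is something to confirm on the host with ip xfrm policy and ipsec statusall before debugging the NAT rules.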