I want to establish a tunnel connection to a remote site that uses IPSec. For the remote site I have:-
- Gateway IP
- Encryption domain IP
For the client site (My site). I provided:-
- Gateway IP (My droplet public IP)
- Encryption Domain IP (My droplet floating IP). The remote site requires my encryption domain be Public IP.
I managed to configure strongswan and establish tunnel connection but no traffic flow. When I tcpdump traffic passing through UDP port I get the following.
- 16:13:28.954685 IP 161.35.236.X.4500 > 41.222.182.X.4500: NONESP-encap: isakmp: phase 2/others ? inf[E]
I did PREROUTING and POSTROUTING for incoming and outgoing traffic:-
sudo iptables -t nat -I PREROUTING 1 -s 41.222.176.X/32 -d 137.184.245.X/32 -j DNAT --to-destination 10.124.0.X
sudo iptables -t nat -I PREROUTING 1 -s 41.222.182.X/32 -d 137.184.245.X/32 -j DNAT --to-destination 10.124.0.X
sudo iptables -t nat -I POSTROUTING -s 10.124.0.X/32 -d 41.222.176.X/32 -j SNAT --to-source 137.184.245.X
sudo iptables -t nat -I POSTROUTING -s 10.124.0.X/32 -d 41.222.182.X/32 -j SNAT --to-source 137.184.245.X
Below is my ipsec.conf file:-
config setup
charondebug="all"
uniqueids=never
conn %default
type=tunnel
authby=secret
auto=start
keyexchange=ikev1
dpdaction=restart
closeaction=restart
keyingtries=%forever
ike=aes256-sha1-modp1024!
esp=aes256-sha1!
ikelifetime=86400s
lifetime=3600s
forceencaps=yes
left=%defaultroute
leftid=10.124.0.X
leftsubnet=137.184.245.X/32
right=41.222.182.X
conn test
rightsubnet=41.222.176.X/32
conn live
rightsubnet=41.222.176.X/32
conn rend-1
rightsubnet=41.222.182.X/32
conn rend-2
rightsubnet=41.222.182.X/32
conn rend-3
rightsubnet=41.222.182.X/32
How can I get traffic to flow with this setup or what did I do wrong?
Many thanks for your assistance!
Submit an answer
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!