[Openswan Users] problem with openswan
Alejandro Perretta
alejandro at geopagos.com
Mon Nov 17 07:57:22 EST 2014
Hi, I have this ipsec.conf:
conn test1
    left=10.0.1.196
    # esp=aes256-sha1!
    phase2alg=aes128
    leftid=54.86.xxx.xx
    leftsourceip=54.86.34.213
    leftsubnets="54.86.34.xxx/32 54.86.xx.54/32"
    right=12.10.219.57
    rightsubnets="148.171.xxx.0/22 148.171.xxx.0/22"
    authby=secret
    ike=aes-128
    ikelifetime=86400s
    pfs=yes
    auto=start
The telnet from the VPN server to test one host on 148.171.221.92 works
fine, but if I send a telnet from 10.0.0.1.37 (one host on my private
network), it can't connect to the service.
My iptables:
*filter
:INPUT ACCEPT [362601:2929633039]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [311889:27000502]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.6.0.0/24 -j ACCEPT
-A FORWARD -s 10.128.88.0/24 -j ACCEPT
-A FORWARD -s 148.xxx.xxx.xxx -j ACCEPT
-A FORWARD -s 54.86.xxx.xxx -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Nov 14 21:43:05 2014
# Generated by iptables-save v1.4.21 on Fri Nov 14 21:43:05 2014
*nat
:PREROUTING ACCEPT [4:642]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [11:765]
:POSTROUTING ACCEPT [11:765]
#-A PREROUTING -d 54.86.xxx.xxx/32 -j DNAT --to-destination 10.0.1.217
#-A POSTROUTING -s 10.0.1.217 -j MASQUERADE
COMMIT
# Completed on Fri Nov 14 21:43:05 2014
--
Alejandro Perretta
Geopagos