On 15.05.1 x86_64

Tried the IPSEC instructions on the Wiki really didn't get on with generating the config via LUCI so did it by hand.

Ideally I'd like the VPN traffic in it's own zone, I've been able to hook the inbound traffic and jump it, but I'm having trouble doing the same for traffic TO the VPN (Outbound)

AT the moment my custom rules look like this

iptables -I forwarding_wan_rule --match policy --pol ipsec --dir in --proto esp -j zone_vpn_in_forward
iptables -I input_wan_rule --match policy --pol ipsec --dir in --proto esp -j zone_vpn_in_input
iptables -t nat -I postrouting_wan_rule --dst 10.0.0.0/8 -j ACCEPT
iptables -t nat -I postrouting_wan_rule --dst 85.xxx.xxx.xxx -j ACCEPT

The top 2 catch VPN traffic in the inbound/forwarding chain, the bottom 2 bypass nat for the VPN subnets.

I did try a rule simular to the first one but with dir out but it didn't seem to catch the outgoing traffic.

(Last edited by dragon2611 on 25 Jul 2016, 17:53)