OpenWrt Forum Archive

Topic: Strongswan firewall/NAT issue in tutorial?

The content of this topic has been archived on 2 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello everybody,

i've set up IPsec with the files /etc/ipsec.conf /etc/ipsec.user and tried to follow your IPsec firewall tutorial to archive a Site2Site VPN connection between my OpenWrt Designated Driver 49971 and a Sonicwall and Fritz Box:

At the moment the IPsec connection is established and my OpenWrt can be pinged from the other site, but from OpenWrt site the other site is unreachable.

From my understanding there seem to be some errors  in the VPN Firewall Script.
I tried to start that firewall script manually and it showd mainly errors which i tried to correct as follows:

1. include . /etc/ -> should be . /lib/ as . /etc/ is not there

2. take care of the case sensitive tables "input" and "forward".
In the script they are all mentioned in lower case letters, which throwed errors like

root@OpenWrt:/etc# iptables -I input -j zone_vpn_gateway
iptables: No chain/target/match by that name.

when "input" is replaced by "INPUT" in the script, the command works.

sadly I don't know how to fix the nat related commands in the script:

root@OpenWrt:/etc# iptables -t nat -F zone_vpn_nat
iptables: No chain/target/match by that name.
root@OpenWrt:/etc# iptables -t NAT -F zone_vpn_nat
iptables v1.4.21: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

What can I do to get the VPN Firewall script in the tutorial fixed and my Site2Site connection working?

Thanks in advance!

may I see your ipsec.conf,you need edit your /etc/config/firewall  to add 500 port,and esp protocol。

The discussion might have continued from here.