Hello everybody,
I've set up IPsec with the files /etc/ipsec.conf and /etc/ipsec.user and tried to follow your IPsec firewall tutorial to achieve a Site2Site VPN connection between my OpenWrt Designated Driver 49971 and a Sonicwall and Fritz Box:
wiki.openwrt.org/doc/howto/vpn.ipsec.firewall
wiki.openwrt.org/doc/howto/vpn.ipsec.site2site
At the moment the IPsec connection is established and my OpenWrt can be pinged from the other site, but from the OpenWrt site the other site is unreachable.
From my understanding there seem to be some errors in the VPN Firewall Script.
I tried to start that firewall script manually and it showed mainly errors, which I tried to correct as follows:
1. include . /etc/functions.sh -> should be . /lib/functions.sh as . /etc/functions.sh is not there
2. Take care of the case-sensitive tables "input" and "forward".
In the script they are all mentioned in lower-case letters, which threw errors like
root@OpenWrt:/etc# iptables -I input -j zone_vpn_gateway
iptables: No chain/target/match by that name.
When "input" is replaced by "INPUT" in the script, the command works.
Sadly, I don't know how to fix the NAT-related commands in the script:
root@OpenWrt:/etc# iptables -t nat -F zone_vpn_nat
iptables: No chain/target/match by that name.
root@OpenWrt:/etc# iptables -t NAT -F zone_vpn_nat
iptables v1.4.21: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
root@OpenWrt:/etc#
What can I do to get the VPN Firewall script in the tutorial fixed and my Site2Site connection working?
Thanks in advance!
ND