Hi,
We have an openwrt client (which also has its own NAT-ed LAN clients) connecting to an Ubuntu server running Strongswan.
Server ipsec.conf:
config setup
    strictcrlpolicy=yes
    uniqueids=never

conn roadwarrior
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256gcm16-sha256-ecp521,aes256-sha256-ecp384!
    esp=aes256gcm16-sha256!
    dpdaction=clear
    dpddelay=180s
    rekey=no
    left=%any
    leftid=@[server_domain]
    leftcert=cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    eap_identity=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.10.10.0/24
    rightsendcert=never
Client ipsec.conf:
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn utvpn
    ike=aes256gcm16-sha256-ecp521,aes256-sha256-ecp384!
    esp=aes256gcm16-sha256!
    right=[server_domain]
    rightid=%[server_domain]
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftauth=eap-mschapv2
    leftfirewall=yes
    eap_identity=[identity]
    auto=add
The tunnel gets created successfully and I can reach the client's virtual IP from the server.
However, the clients behind the openwrt gateway (on the LAN) can't a) access the internet (through the tunnel) or b) even reach the gateway's LAN IP address. Is this a routing or firewall issue? Help!
(Last edited by onebillion on 21 Aug 2017, 10:04)
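One way to separate a policy/routing problem from a firewall problem on the openwrt client is to check whether the LAN subnet is actually inside any outbound IPsec policy installed by the tunnel. The script below is an added example, not code from the post or from strongSwan; it parses constructed `ip xfrm policy` output (virtual IP, LAN subnet and peer addresses are placeholders) and reports whether a packet from a LAN host would match an `out` policy at all.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output on an OpenWrt client whose only
# traffic selector is its virtual IP (leftsourceip=%config, no leftsubnet).
# All addresses here are placeholders, not values from the original post.
SAMPLE_XFRM_POLICY = """\
src 10.10.10.1/32 dst 0.0.0.0/0
	dir out priority 375423 ptype main
	tmpl src 203.0.113.5 dst 198.51.100.7
		proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.10.10.1/32
	dir fwd priority 375423 ptype main
	tmpl src 198.51.100.7 dst 203.0.113.5
		proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.10.10.1/32
	dir in priority 375423 ptype main
	tmpl src 198.51.100.7 dst 203.0.113.5
		proto esp reqid 1 mode tunnel
"""

_SELECTOR = re.compile(r"^src (\S+) dst (\S+)")
_DIR = re.compile(r"^\s*dir (\w+)")


def parse_policies(text):
    """Return (direction, src_net, dst_net) tuples from `ip xfrm policy` output."""
    policies, src, dst = [], None, None
    for line in text.splitlines():
        m = _SELECTOR.match(line)
        if m:  # selector line starts a new policy entry
            src = ipaddress.ip_network(m.group(1), strict=False)
            dst = ipaddress.ip_network(m.group(2), strict=False)
            continue
        m = _DIR.match(line)
        if m and src is not None:  # direction line completes the entry
            policies.append((m.group(1), src, dst))
            src = dst = None
    return policies


def lan_not_covered(text, lan_subnet, probe_dst="1.1.1.1"):
    """True if a packet from lan_subnet to probe_dst (pre-NAT source) matches no
    'out' policy, i.e. the kernel never hands it to the tunnel: a selector
    problem, not a firewall one."""
    lan = ipaddress.ip_network(lan_subnet)
    dst = ipaddress.ip_address(probe_dst)
    for direction, src_net, dst_net in parse_policies(text):
        if direction == "out" and lan.subnet_of(src_net) and dst in dst_net:
            return False
    return True
```

The check looks at the packet's source before any NAT; if the gateway masquerades LAN traffic to an address inside a covered selector, run it with that address instead of the LAN subnet.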