Following the Strongswan wiki link for configuring Strongswan for Windows 7 clients: http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

I used the sample files as-is with no changes except for strongswan.conf.


same as on wiki


same as on wiki


# diff /etc/strongswan.conf /etc/strongswan.conf.template
<   dns1 =
<   dns2 =
<   nbns1 =
>   dns1 =
>   dns2 =
>   nbns1 =
>   nbns2 =

dns servers and .4.4 are Google DNS servers. is the router IP.


I can log into the VPN fine with Windows 7, but the remote client does not have any connectivity. The client gets dhcp IP from Strongswan:, the netmask is, and the default gateway is From the remote PC, I can ping the Strongswan server IP ( but nothing else, not even the router at


All solution credit goes to the above blog.

(below is copy and paste from blog)

  • Enable IPv4 forwarding in the kernel. You can do this by the following statement:

      echo 1 > /proc/sys/net/ipv4/ip_forward

    However, to make it persistent, i.e. do it automatically on reboot, modify /etc/sysctl.conf and uncomment the equivalent line.

  • Next, enable the NAT. Replace the placeholder with the actual IP address of the VPN server.

      iptables -t nat -A POSTROUTING -j SNAT --to-source <VPN IP Address>

    This line tells netfilter to rewrite packets so the source IP is replaced with the VPN’s IP address.

In my case, <VPN IP Address> =
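A check for the two steps above, added here as an example (it is not from the blog or the original post): it reads sysctl.conf-style text and `iptables-save -t nat` output and reports whether forwarding survives a reboot and whether the SNAT rule is limited by source subnet or outgoing interface. The sample inputs, the addresses 192.0.2.10 and 198.51.100.0/24, the interface `eth0` and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example. On a live server, pass the functions "$(cat /etc/sysctl.conf)"
# and "$(iptables-save -t nat)" instead of the constructed samples below.

# Constructed sample: sysctl.conf with the forwarding line still commented out.
SYSCTL_COMMENTED='# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1'
# Constructed sample: the same setting after uncommenting.
SYSCTL_ENABLED='net.ipv4.ip_forward = 1'

# Constructed samples of "iptables-save -t nat" output (documentation addresses).
NAT_UNSCOPED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j SNAT --to-source 192.0.2.10
COMMIT'
NAT_SCOPED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 198.51.100.0/24 -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT'

# Returns 0 only if the last uncommented net.ipv4.ip_forward setting is 1.
forwarding_persistent() {
    val=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' |
        tail -n 1)
    [ "$val" = "1" ]
}

# Prints "missing", "unscoped" or "scoped" for the POSTROUTING SNAT rules.
snat_status() {
    printf '%s\n' "$1" | awk '
        /^-A POSTROUTING / && / -j SNAT / {
            found = 1
            # With neither -s nor -o, the rule rewrites the source address of
            # every packet leaving the host, not only forwarded VPN traffic.
            if ($0 !~ / -s / && $0 !~ / -o /) unscoped = 1
        }
        END { print (!found ? "missing" : (unscoped ? "unscoped" : "scoped")) }'
}

# Demo run over the constructed samples.
for cfg in "$SYSCTL_COMMENTED" "$SYSCTL_ENABLED"; do
    if forwarding_persistent "$cfg"; then echo "forwarding: persistent"
    else echo "forwarding: not persistent (lost on reboot)"; fi
done
echo "rule as written above: $(snat_status "$NAT_UNSCOPED")"
echo "rule with -s and -o:   $(snat_status "$NAT_SCOPED")"
```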

