1

Following the Strongswan wiki link for configuring Strongswan for Windows 7 clients: http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

I used the sample files as-is with no changes except for strongswan.conf.

[ipsec.conf]

same as on wiki

[ipsec.secrets]

same as on wiki

[strongswan.conf]

# diff /etc/strongswan.conf /etc/strongswan.conf.template
4,6c4,7
<   dns1 = 8.8.8.8
<   dns2 = 8.8.4.4
<   nbns1 = 192.168.0.1
---
>   dns1 = 62.2.17.60
>   dns2 = 62.2.24.162
>   nbns1 = 10.10.1.1
>   nbns2 = 10.10.0.1

dns servers 8.8.8.8 and .4.4 are Google DNS servers. 192.168.0.1 is the router IP.

THE PROBLEM

I can log into the VPN fine with Windows 7, but the remote client does not have any connectivity. The client gets dhcp IP from Strongswan: 10.10.3.1, the netmask is 255.255.255.255, and the default gateway is 0.0.0.0. From the remote PC, I can ping the Strongswan server IP (192.168.0.50) but nothing else, not even the router at 192.168.0.1.

1

1 Answer 1

0

http://pluieglaciale.wordpress.com/2010/11/09/how-to-setup-strongswan-proxy-on-single-ip-vps-for-windows-7-client/

All solution credit goes to above blog.

(below is copy and paste from blog)

  • Enable IPv4 forwarding in the kernel. You can do this by the following statement:

      echo 1 > /proc/sys/net/ipv4/ip_forward
    

    However, to make it persistent, ie do it automatically on reboot, modify /etc/sysctl.conf and uncomment the equivalent line.

  • Next, enable the NAT. Replace the placeholder with the actual IP address of the VPN server.

      iptables -A POSTROUTING -t NAT -j SNAT --to-source <VPN IP Address>
    

    This line tells netfilter to rewrite packets so the source IP is replaced with the VPN’s IP address.

In my case, <VPN IP Address> = 192.168.0.50

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .