Strongswan IPSEC VPN for Windows 7 road warrior config
up vote
0
down vote
favorite
Following the Strongswan wiki link for configuring Strongswan for Windows 7 clients:
http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
I used the sample files as-is with no changes except for strongswan.conf.
[ipsec.conf]
same as on wiki
[ipsec.secrets]
same as on wiki
[strongswan.conf]
# diff /etc/strongswan.conf /etc/strongswan.conf.template
4,6c4,7
< dns1 = 8.8.8.8
< dns2 = 8.8.4.4
< nbns1 = 192.168.0.1
---
> dns1 = 62.2.17.60
> dns2 = 62.2.24.162
> nbns1 = 10.10.1.1
> nbns2 = 10.10.0.1
dns servers 8.8.8.8 and .4.4 are Google DNS servers. 192.168.0.1 is the router IP.
THE PROBLEM
I can log into the VPN fine with Windows 7, but the remote client does not have any connectivity. The client gets dhcp IP from Strongswan: 10.10.3.1, the netmask is 255.255.255.255, the default gateway is 0.0.0.0. From the remote PC, I can ping the Strongswan server IP (192.168.0.50) but nothing else, not even the router at 192.168.0.1.
Thank you.
windows-7 vpn ipsec
add a comment |
up vote
0
down vote
favorite
Following the Strongswan wiki link for configuring Strongswan for Windows 7 clients:
http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
I used the sample files as-is with no changes except for strongswan.conf.
[ipsec.conf]
same as on wiki
[ipsec.secrets]
same as on wiki
[strongswan.conf]
# diff /etc/strongswan.conf /etc/strongswan.conf.template
4,6c4,7
< dns1 = 8.8.8.8
< dns2 = 8.8.4.4
< nbns1 = 192.168.0.1
---
> dns1 = 62.2.17.60
> dns2 = 62.2.24.162
> nbns1 = 10.10.1.1
> nbns2 = 10.10.0.1
dns servers 8.8.8.8 and .4.4 are Google DNS servers. 192.168.0.1 is the router IP.
THE PROBLEM
I can log into the VPN fine with Windows 7, but the remote client does not have any connectivity. The client gets dhcp IP from Strongswan: 10.10.3.1, the netmask is 255.255.255.255, the default gateway is 0.0.0.0. From the remote PC, I can ping the Strongswan server IP (192.168.0.50) but nothing else, not even the router at 192.168.0.1.
Thank you.
windows-7 vpn ipsec
I found the answer here: pluieglaciale.wordpress.com/2010/11/09/… Needed two more commands to make it all work echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A POSTROUTING -t nat -j SNAT --to-source 192.168.0.1
– Lawrence Chiu
Sep 21 '13 at 3:20
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Following the Strongswan wiki link for configuring Strongswan for Windows 7 clients:
http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
I used the sample files as-is with no changes except for strongswan.conf.
[ipsec.conf]
same as on wiki
[ipsec.secrets]
same as on wiki
[strongswan.conf]
# diff /etc/strongswan.conf /etc/strongswan.conf.template
4,6c4,7
< dns1 = 8.8.8.8
< dns2 = 8.8.4.4
< nbns1 = 192.168.0.1
---
> dns1 = 62.2.17.60
> dns2 = 62.2.24.162
> nbns1 = 10.10.1.1
> nbns2 = 10.10.0.1
dns servers 8.8.8.8 and .4.4 are Google DNS servers. 192.168.0.1 is the router IP.
THE PROBLEM
I can log into the VPN fine with Windows 7, but the remote client does not have any connectivity. The client gets dhcp IP from Strongswan: 10.10.3.1, the netmask is 255.255.255.255, the default gateway is 0.0.0.0. From the remote PC, I can ping the Strongswan server IP (192.168.0.50) but nothing else, not even the router at 192.168.0.1.
Thank you.
windows-7 vpn ipsec
Following the Strongswan wiki link for configuring Strongswan for Windows 7 clients:
http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
I used the sample files as-is with no changes except for strongswan.conf.
[ipsec.conf]
same as on wiki
[ipsec.secrets]
same as on wiki
[strongswan.conf]
# diff /etc/strongswan.conf /etc/strongswan.conf.template
4,6c4,7
< dns1 = 8.8.8.8
< dns2 = 8.8.4.4
< nbns1 = 192.168.0.1
---
> dns1 = 62.2.17.60
> dns2 = 62.2.24.162
> nbns1 = 10.10.1.1
> nbns2 = 10.10.0.1
dns servers 8.8.8.8 and .4.4 are Google DNS servers. 192.168.0.1 is the router IP.
THE PROBLEM
I can log into the VPN fine with Windows 7, but the remote client does not have any connectivity. The client gets dhcp IP from Strongswan: 10.10.3.1, the netmask is 255.255.255.255, the default gateway is 0.0.0.0. From the remote PC, I can ping the Strongswan server IP (192.168.0.50) but nothing else, not even the router at 192.168.0.1.
Thank you.
windows-7 vpn ipsec
windows-7 vpn ipsec
edited Mar 16 '17 at 1:09
Ghostdog12
1510
1510
asked Sep 21 '13 at 0:51
Lawrence Chiu
123
123
I found the answer here: pluieglaciale.wordpress.com/2010/11/09/… Needed two more commands to make it all work echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A POSTROUTING -t nat -j SNAT --to-source 192.168.0.1
– Lawrence Chiu
Sep 21 '13 at 3:20
add a comment |
I found the answer here: pluieglaciale.wordpress.com/2010/11/09/… Needed two more commands to make it all work echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A POSTROUTING -t nat -j SNAT --to-source 192.168.0.1
– Lawrence Chiu
Sep 21 '13 at 3:20
I found the answer here: pluieglaciale.wordpress.com/2010/11/09/… Needed two more commands to make it all work echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A POSTROUTING -t nat -j SNAT --to-source 192.168.0.1
– Lawrence Chiu
Sep 21 '13 at 3:20
I found the answer here: pluieglaciale.wordpress.com/2010/11/09/… Needed two more commands to make it all work echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A POSTROUTING -t nat -j SNAT --to-source 192.168.0.1
– Lawrence Chiu
Sep 21 '13 at 3:20
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
http://pluieglaciale.wordpress.com/2010/11/09/how-to-setup-strongswan-proxy-on-single-ip-vps-for-windows-7-client/
All Solution credit goes to above blog.
(below is copy and paste from blog)
Enable IPv4 forwarding in the kernel. You can do this by the following statement:
echo 1 > /proc/sys/net/ipv4/ip_forward
However, to make it persistent, ie do it automatically on reboot, modify /etc/sysctl.conf and uncomment the equivalent line.
Next, enable the NAT. Replace the placeholder with the actual IP address of the VPN server.
iptables -A POSTROUTING -t NAT -j SNAT --to-source ‹VPN IP Address>
This line tells netfilter to rewrite packets so the source IP is replaced with the VPN’s IP address. In my case, ‹VPN IP Address> = 192.168.0.50
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
http://pluieglaciale.wordpress.com/2010/11/09/how-to-setup-strongswan-proxy-on-single-ip-vps-for-windows-7-client/
All Solution credit goes to above blog.
(below is copy and paste from blog)
Enable IPv4 forwarding in the kernel. You can do this by the following statement:
echo 1 > /proc/sys/net/ipv4/ip_forward
However, to make it persistent, ie do it automatically on reboot, modify /etc/sysctl.conf and uncomment the equivalent line.
Next, enable the NAT. Replace the placeholder with the actual IP address of the VPN server.
iptables -A POSTROUTING -t NAT -j SNAT --to-source ‹VPN IP Address>
This line tells netfilter to rewrite packets so the source IP is replaced with the VPN’s IP address. In my case, ‹VPN IP Address> = 192.168.0.50
add a comment |
up vote
0
down vote
http://pluieglaciale.wordpress.com/2010/11/09/how-to-setup-strongswan-proxy-on-single-ip-vps-for-windows-7-client/
All Solution credit goes to above blog.
(below is copy and paste from blog)
Enable IPv4 forwarding in the kernel. You can do this by the following statement:
echo 1 > /proc/sys/net/ipv4/ip_forward
However, to make it persistent, ie do it automatically on reboot, modify /etc/sysctl.conf and uncomment the equivalent line.
Next, enable the NAT. Replace the placeholder with the actual IP address of the VPN server.
iptables -A POSTROUTING -t NAT -j SNAT --to-source ‹VPN IP Address>
This line tells netfilter to rewrite packets so the source IP is replaced with the VPN’s IP address. In my case, ‹VPN IP Address> = 192.168.0.50
add a comment |
up vote
0
down vote
up vote
0
down vote
http://pluieglaciale.wordpress.com/2010/11/09/how-to-setup-strongswan-proxy-on-single-ip-vps-for-windows-7-client/
All Solution credit goes to above blog.
(below is copy and paste from blog)
Enable IPv4 forwarding in the kernel. You can do this by the following statement:
echo 1 > /proc/sys/net/ipv4/ip_forward
However, to make it persistent, ie do it automatically on reboot, modify /etc/sysctl.conf and uncomment the equivalent line.
Next, enable the NAT. Replace the placeholder with the actual IP address of the VPN server.
iptables -A POSTROUTING -t NAT -j SNAT --to-source ‹VPN IP Address>
This line tells netfilter to rewrite packets so the source IP is replaced with the VPN’s IP address. In my case, ‹VPN IP Address> = 192.168.0.50
http://pluieglaciale.wordpress.com/2010/11/09/how-to-setup-strongswan-proxy-on-single-ip-vps-for-windows-7-client/
All Solution credit goes to above blog.
(below is copy and paste from blog)
Enable IPv4 forwarding in the kernel. You can do this by the following statement:
echo 1 > /proc/sys/net/ipv4/ip_forward
However, to make it persistent, ie do it automatically on reboot, modify /etc/sysctl.conf and uncomment the equivalent line.
Next, enable the NAT. Replace the placeholder with the actual IP address of the VPN server.
iptables -A POSTROUTING -t NAT -j SNAT --to-source ‹VPN IP Address>
This line tells netfilter to rewrite packets so the source IP is replaced with the VPN’s IP address. In my case, ‹VPN IP Address> = 192.168.0.50
edited Sep 21 '13 at 22:04
answered Sep 21 '13 at 20:18
Lawrence Chiu
123
123
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f648283%2fstrongswan-ipsec-vpn-for-windows-7-road-warrior-config%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I found the answer here: pluieglaciale.wordpress.com/2010/11/09/… Needed two more commands to make it all work echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A POSTROUTING -t nat -j SNAT --to-source 192.168.0.1
– Lawrence Chiu
Sep 21 '13 at 3:20