StrongSwan IPsec PING only working once after ipsec restart

Question

Diagram VPN site to site:

I create an IP route like this:

sudo ip route add 192.168.1.0/24 via 10.132.146.166 eth0 eth1

And I have this iptable rules

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT

What am I doing wrong?

score 3 · Answer 1 · answered Jun 07 '18 at 16:22

3

Try exempting the IPsec traffic from your MASQUERADE rule:

sudo iptables -t nat -I POSTROUTING -o eth0 -m policy --pol ipsec --dir out -j ACCEPT

answered Jun 07 '18 at 16:22

ecdsa

3,973
15
29

Yes!, you were right, when I disable most of Iptables rules it works! Thanks! – Makarov Jun 07 '18 at 17:01

StrongSwan IPsec PING only working once after ipsec restart

1 Answers1