Here is the issue:

I have Linux strongSwan U5.3.5/K4.4.0-72-generic running on Ubuntu 16.04.2 LTS with a Windows 10 Pro client. I have the system set up and am able to tell the client to connect to the server. When a connection is made, the client states that the connection has no internet access. Being the upstanding internet researcher that I am, I did a quick Google search to see if this was a common issue in hopes of a simple solution. This search has led me to believe that my iptables configuration may be wrong.

More background which may be helpful:

I have already set ipv4/ipv6 forwarding to enabled in sysctl.

My network interfaces file looks like the following:

```
auto lo
iface lo inet loopback

auto ens3
iface ens3 inet dhcp
```

My `iptables -L` outputs the following:

```
root@hydrogen:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp dpt:isakmp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipsec-nat-t
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --           anywhere             policy match dir in pol ipsec reqid 4 proto esp
ACCEPT     all  --  anywhere              policy match dir out pol ipsec reqid 4 proto esp
ACCEPT     all  --           anywhere             policy match dir in pol ipsec reqid 18 proto esp
ACCEPT     all  --  anywhere              policy match dir out pol ipsec reqid 18 proto esp
ACCEPT     all  --        anywhere             policy match dir in pol ipsec proto esp
ACCEPT     all  --        anywhere             policy match dir out pol ipsec proto esp
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

I have looked at the following questions but have not found a helpful solution:

Strongswan (IKEv2) connection established, but no traffic routing

StrongSwan ikev2 routing through VPN in Windows 10

Traffic cannot be routed despite Strongswan VPN connection being established

  • Please post the output of `iptables-save` instead of that of `iptables -L`. Also, please read [this article](https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling) on the strongSwan wiki. – ecdsa Apr 18 '17 at 06:59
  • Have you enabled ip forwarding (e.g. `sysctl -w net.ipv4.ip_forward=1`), and are you pushing the correct routes to your clients? It may help if you could share the relevant config fragments from your strongswan config (i.e. the connection in use for this setup). – iwaseatenbyagrue Apr 19 '17 at 15:59

1 Answer


Had a similar issue. By setting `sysctl -w net.ipv4.ip_forward=1`, browsing worked.
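
An offline check of the two settings this thread points at, as an added example that is not part of the answer above or of the strongSwan project: it tests the forwarding sysctl and looks in `iptables-save` output for a source-NAT rule, which lives in the nat table that `iptables -L` does not list. The 10.10.10.0/24 pool, the sample ruleset and the function names are constructed assumptions; `ens3` is the interface from the question.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not taken from the question).
# 10.10.10.0/24 is an assumed client address pool.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.10.0/24 -o ens3 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -s 10.10.10.0/24 -o ens3 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.10.10.0/24 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A FORWARD -d 10.10.10.0/24 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A FORWARD -j DROP
COMMIT'

# rules_in_table TABLE: print the -A lines of one table from iptables-save text on stdin.
rules_in_table() {
    awk -v t="*$1" '/^\*/ { cur = ($0 == t) } cur && /^-A / { print }'
}

# has_nat_for POOL IFACE: succeed if nat/POSTROUTING holds an SNAT or
# MASQUERADE rule for traffic from POOL leaving through IFACE.
has_nat_for() {
    rules_in_table nat | grep -F -- "-A POSTROUTING" | grep -F -- "-s $1 " |
        grep -F -- "-o $2 " | grep -E -- '-j (MASQUERADE|SNAT)' >/dev/null
}

# forwarding_enabled [FILE]: succeed if the IPv4 forwarding switch reads 1.
# FILE defaults to the live kernel setting; pass another path to test offline.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# diagnose POOL IFACE [FILE]: read iptables-save text on stdin, print each
# finding, and return the number of problems found (0 means both checks pass).
diagnose() {
    diag_rules=$(cat)
    diag_n=0
    forwarding_enabled "$3" ||
        { echo "net.ipv4.ip_forward is not 1"; diag_n=$((diag_n + 1)); }
    printf '%s\n' "$diag_rules" | has_nat_for "$1" "$2" ||
        { echo "nat table has no SNAT/MASQUERADE for $1 via $2"; diag_n=$((diag_n + 1)); }
    return "$diag_n"
}
# On the gateway (as root): iptables-save | diagnose <client pool> ens3
```
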