Hello.
I'm trying to configure IPsec in OpenVZ containers. The tunnel itself works fine, but SNAT doesn't work at all. I need someone to test it on their boxes, especially with OpenVZ, because exactly the same configuration works fine on my dedicated server. It will take only 3-5 minutes of your time.
You need 64-bit Debian 7 or jessie.
% aptitude install strongswan libcharon-extra-plugins
Add to the bottom of /etc/ipsec.conf
conn rw
    left=%any
    leftsubnet=0.0.0.0/0
    leftauth=psk
    right=%any
    rightsourceip=10.3.0.0/24
    rightdns=8.8.8.8
    rightauth=psk
    rightauth2=xauth
    auto=add
Add to the bottom of /etc/ipsec.secrets
: PSK "psk"
test : XAUTH "test"
% iptables -t nat -I POSTROUTING -s 10.3.0.0/24 -j MASQUERADE
% service ipsec restart
Now try to connect to your IPsec tunnel (I do this from my Android smartphone). Use the "IPsec Xauth PSK" profile, "psk" as the preshared key and test/test as the username and password.
Expected result:
You can access the internet on your smartphone with the server's IP address.
Actual result:
You cannot access the internet on your smartphone, while you can ping the server's IP address from the smartphone and the smartphone's IP (10.3.0.1) from the server.
I highly appreciate any testing results.
http://ift.tt/1dvHQ0Z
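A check for the symptom described above, as an added example that is not part of the original post: it reads `iptables-save -c -t nat` output and reports whether the MASQUERADE rule for the 10.3.0.0/24 pool has matched anything. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).
POOL="10.3.0.0/24"   # rightsourceip pool from the post's ipsec.conf

# masq_packets POOL < iptables-save-output
# Prints the summed packet counter of nat/POSTROUTING MASQUERADE rules whose
# source is exactly POOL, or "absent" when no such rule exists.
# Negated matches ("! -s POOL") are ignored.
masq_packets() {
    awk -v pool="$1" '
        /^\[[0-9]+:[0-9]+\] -A POSTROUTING / && /-j MASQUERADE/ {
            src = ""
            for (i = 1; i < NF; i++)
                if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
            if (src == pool) {
                split(substr($1, 2), c, ":")   # "[pkts:bytes]" -> c[1] = pkts
                total += c[1]; found = 1
            }
        }
        END { if (found) print total + 0; else print "absent" }
    '
}

# diagnose < iptables-save-output : prints a one-line verdict for POOL
diagnose() {
    n=$(masq_packets "$POOL")
    case "$n" in
        absent) echo "no MASQUERADE rule for $POOL in nat/POSTROUTING" ;;
        0)      echo "rule present, 0 hits: no connection from $POOL has matched it" ;;
        *)      echo "rule matched $n new connections from $POOL" ;;
    esac
}

# Constructed sample of `iptables-save -c -t nat` output, so this runs offline.
SAMPLE='*nat
:PREROUTING ACCEPT [10:600]
:POSTROUTING ACCEPT [3:180]
[0:0] -A POSTROUTING -s 10.3.0.0/24 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE" | diagnose
```

On the server, run `iptables-save -c -t nat | diagnose` after a connection attempt. The nat table only sees the first packet of each connection, so the counter reflects new connections, not total packets.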