Resolved
I have set up an IPsec VPN connection with the following parameters:

conn LK3
    type=tunnel
    authby=secret                   # pre-shared key; the key itself lives in ipsec.secrets
    auto=start
    left=190.111.xxx.xxx            # our public address
    leftsubnet=192.168.x.x/24       # our LAN
    right=66.179.xxx.xxx            # peer's public address
    rightsubnets={172.16.x.x/12,10.0.x.x/8}   # peer's LANs; expands into one tunnel (child SA) per subnet
    salifetime=24h
    ikelifetime=8h
    ike=aes256-sha1;modp1024        # IKE SA; modp1024 is DH group 2 and is considered too weak today (modp2048 or stronger is preferred)
    phase2alg=aes256-sha1;modp1536  # child SA; this group is used for PFS (pfs=yes below)
    leftnexthop=190.111.x.y
    leftsourceip=192.168.x.y        # source address the firewall itself uses for traffic it sends into the tunnel
    dpdaction=hold                  # on peer death keep the policy installed and hold traffic until the tunnel comes back
    dpdtimeout=120
    dpddelay=30
    compress=no
    pfs=yes
    rekey=yes
    aggrmode=no                     # main mode only; IKEv1 aggressive mode exposes the PSK hash to offline cracking

The tunnel is OK, we have phase 2 up, and we can ping their IPs using the following iptables firewall rules:
# NAT exemption: -I puts these ahead of the MASQUERADE rule so tunnel traffic keeps its LAN source
$IPTABLES -t nat -I POSTROUTING -s 192.168.x.x/24 -d 10.0.x.x/8 -j ACCEPT # nonat1
$IPTABLES -t nat -I POSTROUTING -s 192.168.x.x/24 -d 172.16.x.x/12 -j ACCEPT # nonat2
# INPUT and OUTPUT only match traffic addressed to or sent by the firewall itself;
# packets routed between the LAN and the remote subnets go through FORWARD instead
$IPTABLES -A OUTPUT -d 172.16.x.x/12 -j ACCEPT # allow outbound to 172.16.x.x
$IPTABLES -A INPUT -s 172.16.x.x/12 -j ACCEPT # allow inbound from 172.16.x.x
$IPTABLES -A INPUT -s 10.0.x.x/8 -j ACCEPT # allow inbound from 10.0.x.x
$IPTABLES -A OUTPUT -d 10.0.x.x/8 -j ACCEPT # allow outbound to 10.0.x.x
# Peer's public address: these accept all traffic from/to it, not only IKE (UDP 500/4500) and ESP
$IPTABLES -A OUTPUT -d 66.179.xxx.xxx -j ACCEPT # allow outbound to LK
$IPTABLES -A INPUT -s 66.179.xxx.xxx -j ACCEPT # allow inbound from LK

THE PROBLEM is that they cannot see our LAN IPs: they can ping the firewall's LAN address but nothing inside the LAN.

Thanks for your help.

regards,
Monday, June 07 2021, 03:57 PM
Responses (1)
  • Accepted Answer

    Tuesday, June 08 2021, 09:02 AM
    Have you tried just using the ClearOS IPsec incoming firewall rule? If so, you should not need the ones you've created.
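The symptom in the question (the remote side reaches the firewall's LAN address but nothing behind it) is what you get when only INPUT and OUTPUT are opened: those chains match packets addressed to or sent by the firewall itself, while packets routed between the remote subnets and the LAN traverse FORWARD. The script below is an added example, not code from either post and not ClearOS's own IPsec rule set; it shows the three things a site-to-site gateway needs (IKE/ESP from the peer, NAT exemption, FORWARD in both directions) and ties the FORWARD rules to packets that actually came through an IPsec SA with the `policy` match. The peer address, subnets and the `IPTABLES` dry-run default are placeholders/assumptions.

```shell
#!/bin/sh
# Added example (not ClearOS's rule set, not from the posts above): iptables rules for a
# site-to-site IPsec gateway. Addresses are placeholders standing in for the question's
# masked values. IPTABLES defaults to "echo iptables" so the script can be run without
# root to review the generated rules; set IPTABLES=iptables to apply them for real.
IPTABLES="${IPTABLES:-echo iptables}"

PEER_IP="66.179.0.2"                     # remote gateway's public address (placeholder)
LOCAL_NET="192.168.1.0/24"               # our LAN (leftsubnet, placeholder)
REMOTE_NETS="172.16.0.0/12 10.0.0.0/8"   # peer's LANs (rightsubnets, placeholders)

ipsec_rules() {
    # 1. Control and data plane from the peer only: IKE (UDP 500), NAT-T (UDP 4500), ESP
    #    (IP protocol 50). Narrower than "-s $PEER_IP -j ACCEPT", which admits anything
    #    the peer's address sends, including spoofed packets.
    $IPTABLES -A INPUT -p udp -s "$PEER_IP" --dport 500 -j ACCEPT
    $IPTABLES -A INPUT -p udp -s "$PEER_IP" --dport 4500 -j ACCEPT
    $IPTABLES -A INPUT -p esp -s "$PEER_IP" -j ACCEPT

    for net in $REMOTE_NETS; do
        # 2. NAT exemption: -I places the rule ahead of the gateway's MASQUERADE rule so
        #    LAN-to-remote traffic keeps its real source and matches the IPsec policy.
        $IPTABLES -t nat -I POSTROUTING -s "$LOCAL_NET" -d "$net" -j ACCEPT

        # 3. Routed traffic between the LANs lives in FORWARD. The policy match accepts a
        #    10.x/172.16.x packet only if it was just decrypted from (or will be encrypted
        #    into) a tunnel-mode SA with this peer, so a forged 10.x packet arriving in
        #    the clear on the WAN does not match.
        $IPTABLES -A FORWARD -s "$net" -d "$LOCAL_NET" \
            -m policy --dir in --pol ipsec --proto esp --mode tunnel --tunnel-src "$PEER_IP" -j ACCEPT
        $IPTABLES -A FORWARD -s "$LOCAL_NET" -d "$net" \
            -m policy --dir out --pol ipsec --proto esp --mode tunnel --tunnel-dst "$PEER_IP" -j ACCEPT
    done
}

# Review helper: how many generated rules target a given chain (INPUT, FORWARD, POSTROUTING).
count_rules() {
    ipsec_rules | grep -c " $1 "
}

ipsec_rules
```

Run as-is to print the rule set; `IPTABLES=iptables sh rules.sh` applies it (root, and `net.ipv4.ip_forward=1`, which a masquerading gateway already has). Each FORWARD rule exists once per remote subnet and direction, so the dry run yields four FORWARD, three INPUT and two POSTROUTING lines. The `policy` match is the part the posted rules lack even if FORWARD were opened: a plain `-s 10.0.0.0/8 -j ACCEPT` in INPUT or FORWARD accepts a packet with that source from any interface unless an earlier rule or reverse-path filtering drops it.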