IPsec tunnel OK but not routing for remote site
I have set up an IPsec VPN connection with the following parameters:
conn LK3
    type=tunnel
    authby=secret
    auto=start
    left=190.111.xxx.xxx
    leftsubnet=192.168.x.x/24
    right=66.179.xxx.xxx
    rightsubnets={172.16.x.x/12,10.0.x.x/8}
    salifetime=24h
    ikelifetime=8h
    ike=aes256-sha1;modp1024
    phase2alg=aes256-sha1;modp1536
    leftnexthop=190.111.x.y
    leftsourceip=192.168.x.y
    dpdaction=hold
    dpdtimeout=120
    dpddelay=30
    compress=no
    pfs=yes
    rekey=yes
    aggrmode=no
The tunnel is OK, phase 2 is up, and we can ping their IP using the following iptables firewall rules:
$IPTABLES -t nat -I POSTROUTING -s 192.168.x.x/24 -d 10.0.x.x/8 -j ACCEPT # nonat1
$IPTABLES -t nat -I POSTROUTING -s 192.168.x.x/24 -d 172.16.x.x/12 -j ACCEPT # nonat2
$IPTABLES -A OUTPUT -d 172.16.x.x/12 -j ACCEPT # allow outgoing to 172.16.x.x
$IPTABLES -A INPUT -s 172.16.x.x/12 -j ACCEPT # allow incoming from 172.16.x.x
$IPTABLES -A INPUT -s 10.0.x.x/8 -j ACCEPT # allow incoming from 10.0.x.x
$IPTABLES -A OUTPUT -d 10.0.x.x/8 -j ACCEPT # allow outgoing to 10.0.x.x
$IPTABLES -A OUTPUT -d 66.179.xxx.xxx -j ACCEPT # allow outgoing to LK
$IPTABLES -A INPUT -s 66.179.xxx.xxx -j ACCEPT # allow incoming from LK
THE PROBLEM is that they cannot see our LAN IPs: they can ping the firewall's LAN IP but nothing inside the LAN.
Thanks for your help.
Regards,
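The rules in the post only touch the INPUT and OUTPUT chains, which see packets addressed to or sent by the firewall itself. A packet from 10.0.x.x/8 to a host behind the firewall, and that host's reply, traverse the FORWARD chain instead, so a DROP policy on FORWARD with no FORWARD rules produces exactly the symptom described: the firewall's own LAN address answers, the hosts behind it do not. The post does not show the FORWARD chain or its policy, so this is a check rather than a confirmed fix. The script below is an added example, not code from the original post: it reads an iptables-save dump on stdin and lists the FORWARD rules for the tunnel subnets that are absent. It assumes 192.168.1.0/24 as a stand-in for the poster's 192.168.x.x/24, and the sample dump is constructed to mirror the posted rules.

```shell
#!/bin/sh
# Added example, not part of the original post. Audits an iptables-save dump for the
# FORWARD rules that IPsec tunnel traffic between the local LAN and the remote subnets
# needs. 192.168.1.0/24 is an assumed stand-in for the poster's 192.168.x.x/24; the
# remote 10.0.0.0/8 and 172.16.0.0/12 are the ranges named in the post.
LAN="192.168.1.0/24"
REMOTES="10.0.0.0/8 172.16.0.0/12"

# The FORWARD rules the posted set lacks, in the form iptables-save prints them.
# INPUT and OUTPUT only see packets to or from the firewall itself; a packet from a
# remote subnet to a LAN host, and the host's reply, pass through FORWARD, so both
# directions are needed.
required_forward_rules() {
    for net in $REMOTES; do
        echo "-A FORWARD -s $LAN -d $net -j ACCEPT"
        echo "-A FORWARD -s $net -d $LAN -j ACCEPT"
    done
}

# Read a dump on stdin and print each required rule that is not present verbatim.
missing_forward_rules() {
    dump=$(cat)
    required_forward_rules | while IFS= read -r rule; do
        printf '%s\n' "$dump" | grep -Fxq -- "$rule" || printf '%s\n' "$rule"
    done
}

# Same check as a number (0 means FORWARD covers both tunnel subnets in both directions).
count_missing_forward_rules() {
    missing_forward_rules | wc -l | tr -d ' '
}

# Constructed dump mirroring the posted rules: the nat exclusions plus INPUT/OUTPUT
# accepts, with a DROP policy on FORWARD and no FORWARD rules.
POSTED_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/8 -j ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -d 172.16.0.0/12 -j ACCEPT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 172.16.0.0/12 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
COMMIT'

# The same constructed dump with the missing rules inserted before the filter table's COMMIT.
FIXED_DUMP="$(printf '%s\n' "$POSTED_DUMP" | sed '$d'; required_forward_rules; echo COMMIT)"

echo "FORWARD rules missing from the posted ruleset:"
printf '%s\n' "$POSTED_DUMP" | missing_forward_rules
echo "Missing after adding them: $(printf '%s\n' "$FIXED_DUMP" | count_missing_forward_rules)"
```

Against a live box, pipe `iptables-save` into `missing_forward_rules` and add whatever it prints with `$IPTABLES -A FORWARD ...`. Both directions matter: the reply to a remote host's ping is itself a forwarded packet. If FORWARD already accepts the traffic (or its policy is ACCEPT), the remaining things to verify are that the LAN hosts route 10.0.x.x/8 and 172.16.x.x/12 via the firewall, and that the peer's configuration covers the 192.168.x.x/24 subnet, not only the firewall's address.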