This way I just need one NAT rule for everything. I’m NATing the entire 10/8 for VPN usage and assign different /24s to different VPN software.

```
sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
```

Make sure to allow IPv4 packet forwarding in /etc/nf:

```
_forward=1
```

Restart it using `service strongswan restart`. That’s already all we need for strongSwan.

etc/crets (replace 123.123.123.123 with the server’s public IP address)

```
123.123.123.123 %any : PSK "replace but leave the quotes"
```

StrongSwan 5 has been modularised in Ubuntu 14.04, so we need to install the required plugins using apt-get as well:

```
apt-get install strongswan strongswan-plugin-xauth-generic
```

While strongSwan works well with KVM and Xen containers, it probably won’t work with non-virtualised containers like OpenVZ or LXC.

Make sure to use the Cisco IPSec VPN profile, not the L2TP over IPSec profile you need for Openswan. I haven’t tried the VPN configuration below with non-Apple clients, but it works well with iOS and OS X clients. If you plan to share your VPN server with your friends, it’s also a lot easier to set up for them without certificates.

I prefer a simple IKEv1 setup using PSK and XAUTH over certificates. I prefer strongSwan over Openswan because it’s still in active development, is easier to set up and doesn’t require an L2TP daemon.
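The following sanity checks for the secrets line and the single MASQUERADE rule above are an added example, not part of the original post. The function names, the 20-character minimum and the sample addresses are assumptions; the rule string is in the format printed by `iptables -t nat -S`.

```shell
#!/bin/sh
# Added example; sample addresses and secrets are constructed.

# psk_status LINE: classify a secrets line of the form
#   <server-ip> %any : PSK "<secret>"
# Prints: ok | placeholder | short | not-psk
psk_status() {
    case "$1" in
        *': PSK "'*'"') ;;
        *) echo not-psk; return 0 ;;
    esac
    secret=${1#*': PSK "'}
    secret=${secret%'"'}
    if [ "$secret" = "replace but leave the quotes" ]; then
        echo placeholder                  # template text was never replaced
    elif [ "${#secret}" -lt 20 ]; then    # 20 is an assumed minimum length
        echo short
    else
        echo ok
    fi
}

# ip_to_int A.B.C.D: print the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# masq_covers RULE ADDR: succeed if ADDR lies inside the "-s NET/BITS"
# source range of a MASQUERADE rule
masq_covers() {
    case "$1" in *'-s '*/*'-j MASQUERADE'*) ;; *) return 1 ;; esac
    src=${1#*'-s '}; src=${src%% *}
    net=${src%/*}; bits=${src#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$2") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

rule='-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE'
for addr in 10.10.1.5 10.20.1.5 192.168.1.5; do   # constructed client addresses
    if masq_covers "$rule" "$addr"; then echo "$addr: NATed"; else echo "$addr: not NATed"; fi
done
psk_status '123.123.123.123 %any : PSK "replace but leave the quotes"'
```

Any /24 pool handed to a VPN daemon should pass `masq_covers` against the one rule; a pool outside 10/8 would be forwarded without NAT.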