Diagram VPN site to site:


And a GIF showing what is happening.

I create an IP route like this:

sudo ip route add via eth0 eth1

And I have these iptables rules:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT

What am I doing wrong?

1 Answer

Try exempting the IPsec traffic from your MASQUERADE rule:

sudo iptables -t nat -I POSTROUTING -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
  • Yes, you were right, when I disable most of the iptables rules it works! Thanks!
    – Makarov, commented Jun 7, 2018 at 17:01
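The fix above only works if the exemption sits in front of the MASQUERADE rule (hence `-I` rather than `-A`). Below is an added example, not from the original post, that prints the intended POSTROUTING order and checks a listing in `iptables -t nat -S POSTROUTING` format for that ordering; the interface name eth0 is assumed from the question.

```shell
#!/bin/sh
# Added example (not part of the original post). Verifies that the IPsec
# policy exemption precedes the MASQUERADE rule in the nat POSTROUTING
# chain, which is the ordering the answer's `-I` (insert at top) produces.
# Interface name eth0 is assumed from the question.

# Print the nat POSTROUTING rules in the intended order, in the same
# format that `iptables -t nat -S POSTROUTING` uses.
intended_postrouting_rules() {
    cat <<'EOF'
-A POSTROUTING -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Read rule lines on stdin. Exit 0 when an IPsec "--dir out" exemption for
# the given outgoing interface appears before that interface's MASQUERADE
# rule, 1 otherwise (missing exemption, or exemption listed after MASQUERADE,
# where it would never be reached for matching packets).
ipsec_exempt_before_masquerade() {
    iface="$1"
    awk -v iface="$iface" '
        $0 ~ ("-o " iface "( |$)") && /--pol ipsec/ && /--dir out/ && /-j ACCEPT/ && !seen_masq { exempt = 1 }
        $0 ~ ("-o " iface "( |$)") && /-j MASQUERADE/ { seen_masq = 1 }
        END { exit (exempt ? 0 : 1) }
    '
}
```

On the gateway itself, pipe the live chain through the check: `iptables -t nat -S POSTROUTING | ipsec_exempt_before_masquerade eth0`.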

