Good morning, I'm having trouble configuring access to the servers through a VPN. The client can connect to the VPN perfectly, but access to the servers does not work.
The configuration of my connection is this:
conn alex
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=***IP PÚBLICO SERVER***
    leftsubnet=172.31.0.8/30
    right=***IP PÚBLICO CLIENT***
    rightsubnet=192.168.0.0/24
    auto=start
    aggrmode=no
    rekey=yes
    keyingtries=2
    keyexchange=ike
    ike=3des-sha1-modp1536!
    ikelifetime=8h
    phase2=esp
    phase2alg=3des-sha1
    keylife=3600s
The client needs to access the server 172.31.12.132 (/20), but cannot. Ping is disabled, so I'm testing telnet on the port it needs to access, and the connection always times out.
This network is configured in AWS; the VPN server is a Linux AMI with Openswan IPsec and iptables.
The network mask is limited (/30) by requirement of the third, for safety there must be isolation.
I think some routing is missing or not created correctly; I have tried several ways and could not solve it.
172.31.12.132 is definitely not part of 172.31.0.8/30, and that's probably your problem. What do you mean by "The network mask is limited (/30) by requirement of the third, for safety there must be isolation."? Neither IPsec nor iptables induce any limits to the netmask. If Openswan limits you this way you should replace it by strongSwan, which does not.