
Good morning, I'm having trouble configuring access to the servers through a VPN. The client can connect to the VPN perfectly, but access to the servers does not work.

The configuration of my connection is this:

conn alex
   type=tunnel
   authby=secret                # pre-shared key, taken from ipsec.secrets
   left=%defaultroute           # local (server) side, address from the default route
   leftid=***SERVER PUBLIC IP***
   leftsubnet=172.31.0.8/30     # server-side traffic selector: only these four addresses go through the tunnel
   right=***CLIENT PUBLIC IP***
   rightsubnet=192.168.0.0/24   # client-side traffic selector
   auto=start                   # bring the tunnel up when the IPsec service starts

   aggrmode=no                  # IKEv1 main mode, not aggressive mode
   rekey=yes
   keyingtries=2
   keyexchange=ike
   ike=3des-sha1-modp1536!      # phase 1 (IKE SA) proposal, "!" = strict
   ikelifetime=8h
   phase2=esp
   phase2alg=3des-sha1          # phase 2 (IPsec SA) proposal
   keylife=3600s

The client needs to access the server 172.31.12.132 (/20), but cannot. Ping is disabled; I'm testing with telnet on the port it needs to reach, and the connection always times out.

This network is configured in AWS; the VPN server is an Amazon Linux AMI with Openswan IPsec and iptables.

The network mask is limited to /30 at the third party's request; for security there must be isolation.

I think some route is missing or is not created correctly; I have tried several ways and could not solve it.

  • 172.31.12.132 is definitely not part of 172.31.0.8/30 and that's probably your problem. What do you mean by "The network mask is limited to /30 at the third party's request; for security there must be isolation."? Neither IPsec nor iptables impose any limits on the netmask. If Openswan limits you this way you should replace it with strongSwan, which does not.
    – blafasel
    Commented Jul 18, 2019 at 10:52
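The comment above points at the traffic selectors rather than at routing: an IPsec SA only carries packets whose source and destination fall inside the negotiated rightsubnet/leftsubnet pair, and anything else is never handed to the tunnel. The following script is an added example (not code from the question or from Openswan) that parses a conn block and checks whether a given client-to-server packet would match the tunnel's selectors. The conn text is a constructed copy of the one posted, with the masked public IPs replaced by RFC 5737 documentation addresses (an assumption, not the poster's real addresses).

```python
import ipaddress
import re

# Constructed copy of the poster's conn block; the public IPs are
# documentation addresses standing in for the masked values.
IPSEC_CONF = """\
conn alex
   type=tunnel
   authby=secret
   left=%defaultroute
   leftid=192.0.2.10
   leftsubnet=172.31.0.8/30
   right=198.51.100.20
   rightsubnet=192.168.0.0/24
   auto=start
"""


def parse_conns(text):
    """Parse ipsec.conf-style 'conn NAME' blocks into {name: {key: value}}.

    Lines starting with '#' are comments; indented key=value lines belong to
    the most recent 'conn' header.  Other sections (e.g. 'config setup') are
    skipped.
    """
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r'^conn\s+(\S+)\s*$', line)
        if header:
            current = header.group(1)
            conns[current] = {}
            continue
        if current is None or not line[0].isspace():
            # Unindented line that is not a conn header: a different section.
            current = None
            continue
        key, _, value = line.strip().partition('=')
        conns[current][key.strip()] = value.strip()
    return conns


def selector_check(conn, src_ip, dst_ip):
    """Decide whether a packet src_ip -> dst_ip sent by the client side matches
    the tunnel's traffic selectors (rightsubnet -> leftsubnet).

    Returns (ok, reason).  When ok is False the packet does not match any
    IPsec policy installed for this conn, so it is not sent through the tunnel
    at all, regardless of what the routing table says.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    left = ipaddress.ip_network(conn['leftsubnet'], strict=False)
    right = ipaddress.ip_network(conn['rightsubnet'], strict=False)
    if src not in right:
        return False, f"source {src} is outside rightsubnet {right}"
    if dst not in left:
        return False, (f"destination {dst} is outside leftsubnet {left}: "
                       f"no IPsec policy matches, so the packet never enters the tunnel")
    return True, f"{src} -> {dst} matches selectors {right} -> {left}"


if __name__ == "__main__":
    conn = parse_conns(IPSEC_CONF)["alex"]
    for dst in ("172.31.12.132", "172.31.0.9"):
        ok, reason = selector_check(conn, "192.168.0.5", dst)
        print("OK  " if ok else "FAIL", reason)
```

Run against the posted conn, the check fails for 172.31.12.132 and passes only for 172.31.0.8-11, which is exactly the mismatch the comment describes. To confirm on the server itself, `ip xfrm policy` lists the selectors the kernel actually installed for the SA; if the destination you are trying to reach is not inside one of them, no route or iptables rule will make the traffic flow.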
