Issue #3569

Strongswan browsing issue

Added by Sudeep Kote about 1 month ago. Updated about 1 month ago.

Status: Closed
Priority: Normal
Category: network / firewall
Affected version: 5.8.2
Resolution: No change required

Description

Hello all, is strongSwan ISP-specific in any way? I have set up a strongSwan IPsec VPN server on Google platform for our laptop users. It connects fine, but we can't browse the internet. What I observed is that it works for some users and does not work for others.
1. I want to understand if there is anything ISP- or internet-data-specific?
2. Do we have to manage any certificate?
3. Is Google Cloud giving any trouble?
4. Is there any configuration issue?
5. We are using an Ubuntu OS server. Can we make it work on Ubuntu?

ipsec configuration : 
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=1.1.1.1 ##GCP instance public IP
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8
    eap_identity=%identity
    ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!

Client system Configuration : 
config setup

conn ikev2-rw
    right=1.1.1.1
    rightid=1.1.1.1 # Pub IP Add
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftid=username
    leftauth=eap-mschapv2
    eap_identity=%identity
    leftfirewall=yes

Regards 
Sudeep

History

#1 Updated by Tobias Brunner about 1 month ago

  • Status changed from New to Feedback

Maybe have a look at ForwardingAndSplitTunneling, in particular the section about MTU/MSS issues.

#2 Updated by Sudeep Kote about 1 month ago

Thanks for your support. It was an MTU/MSS issue only. It's working now.

#3 Updated by Tobias Brunner about 1 month ago

  • Category set to network / firewall
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required
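
The MTU/MSS sizing behind the fix in this thread, as an added example that is not part of the issue or of the strongSwan project: it computes the TCP MSS that still fits one ESP-in-UDP packet (`forceencaps=yes`) for the AEAD and AES-CBC/SHA1 proposals in the server config, then prints, without applying, matching `TCPMSS` clamp rules. It assumes an IPv4 outer header and uses constructed path MTUs (1500, 1492, 1400); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue): size a TCP MSS clamp for ESP-in-UDP.

# Largest inner IPv4 packet that fits one tunnel packet on a given path.
# Args: path_mtu iv_len pad_align icv_len (all in bytes)
esp_inner_mtu() {
    # outer IPv4 (20) + UDP encapsulation (8) + ESP SPI/sequence (8)
    room=$(( $1 - 20 - 8 - 8 - $2 - $4 ))
    # payload + padding + 2-byte ESP trailer is a multiple of pad_align
    room=$(( room / $3 * $3 ))
    echo $(( room - 2 ))
}

# TCP MSS over IPv4 = inner MTU - IPv4 header (20) - TCP header (20)
tcp_mss() {
    echo $(( $(esp_inner_mtu "$@") - 40 ))
}

# Print (do not apply) clamp rules for tunnelled TCP SYNs in both directions.
mss_clamp_rules() {
    for dir in in out; do
        echo "iptables -t mangle -A FORWARD -m policy --pol ipsec --dir $dir" \
            "-p tcp -m tcp --tcp-flags SYN,RST SYN" \
            "-m tcpmss --mss $(( $1 + 1 )):1536 -j TCPMSS --set-mss $1"
    done
}

# Constructed path MTUs: plain Ethernet, PPPoE, and a lower-MTU access link.
lowest=65535
for path_mtu in 1500 1492 1400; do
    aead=$(tcp_mss "$path_mtu" 8 4 16)    # aes256gcm16 / chacha20poly1305
    cbc=$(tcp_mss "$path_mtu" 16 16 12)   # aes256-sha1 (HMAC-SHA1-96)
    echo "path MTU $path_mtu: MSS $aead (AEAD), $cbc (AES-CBC/SHA1)"
    if [ "$cbc" -lt "$lowest" ]; then lowest=$cbc; fi
    if [ "$aead" -lt "$lowest" ]; then lowest=$aead; fi
done

# Clamp to the smallest MSS seen so every sampled path avoids fragmentation.
mss_clamp_rules "$lowest"
```

Review the printed rules before running them as root on the VPN gateway; the smallest MSS across the sampled paths is used so that one clamp covers all of them.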
