I have set up strongSwan with a simple LAN-to-LAN config. The tunnel comes up but no traffic flows through it. I figure I need to add something to the firewall and/or masquerading config. I tried to set up a VPN zone but cannot figure out a way to add the remote subnets to it, so I end up with an empty zone. Below is what I hope is some useful info:
root@OpenWrt:/etc/config# ip route list table 220
10.0.0.0/24 via 2.2.2.1 dev eth1.2 proto static src 10.10.4.1
Security Associations (1 up, 0 connecting):
vpn.data[1]: ESTABLISHED 42 minutes ago, 2.2.2.2[2.2.2.2]...1.1.1.1[1.1.1.1]
vpn.data[1]: IKEv1 SPIs: ac63a9a44a8755e5_i* 99be1eb6f1d4ca5f_r, pre-shared key reauthentication in 7 hours
vpn.data[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768
vpn.data{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: cbf9804a_i c58e266d_o
vpn.data{1}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
vpn.data{1}: 10.10.4.0/24 === 10.0.0.0/24
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 10.0.0.0/24 10.10.4.0/24 policy match dir in pol ipsec reqid 1 proto esp
ACCEPT all -- 10.10.4.0/24 10.0.0.0/24 policy match dir out pol ipsec reqid 1 proto esp
forwarding_rule all -- anywhere anywhere /* !fw3: Custom forwarding rule chain */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */