[Solved] Strongswan setup, no internet connection

Hello,

I've set up strongswan vpn as described here: StrongSwan - Roadwarrior
I'm able to access my LAN devices, but I do not have access to the internet through VPN.
I've exactly the same config as stated at the above link, besides IP address 192.168.1.1 for gateway and 192.168.2.0/16 as IP range
Anything that's missing in this howto?

Sun Feb 24 19:28:27 2019 daemon.info : 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.9.152, mips)
Sun Feb 24 19:28:27 2019 daemon.info : 00[CFG] PKCS11 module '<name>' lacks library path
Sun Feb 24 19:28:31 2019 daemon.info : 00[LIB] curl SSL backend 'mbedTLS/2.14.1' not supported, https:// disabled
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] disabling load-tester plugin, not configured
Sun Feb 24 19:28:32 2019 daemon.info : 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Sun Feb 24 19:28:32 2019 daemon.info : 00[LIB] plugin 'uci' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-uci.so: uci_lookup: symbol not found
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] attr-sql plugin: database URI not set
Sun Feb 24 19:28:32 2019 daemon.info : 00[NET] using forecast interface br-lan
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG]   loaded ca certificate "C=AT, O=strongSwan, CN=**URL**" from '/etc/ipsec.d/cacerts/caCert.pem'
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] loading crls from '/etc/ipsec.d/crls'
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] loading secrets from '/etc/ipsec.secrets'
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/serverKey.pem'
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG]   loaded EAP secret for testuser
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] sql plugin: database URI not set
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] loaded 0 RADIUS server configurations
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] HA config misses local/remote address
Sun Feb 24 19:28:32 2019 daemon.info : 00[CFG] coupling file path unspecified
Sun Feb 24 19:28:32 2019 daemon.info : 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl mysql sqlite attr kernel-netlink resolve socket-default connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Sun Feb 24 19:28:32 2019 daemon.info : 00[JOB] spawning 16 worker threads
Sun Feb 24 19:28:32 2019 authpriv.info ipsec_starter[2418]: charon (2424) started after 4720 ms
Sun Feb 24 19:28:32 2019 daemon.info : 07[CFG] received stroke: add connection 'roadwarrior'
Sun Feb 24 19:28:32 2019 daemon.info : 07[CFG] adding virtual IP address pool 192.168.2.0/16
Sun Feb 24 19:28:32 2019 daemon.info : 07[CFG]   loaded certificate "C=AT, O=strongSwan, CN=**URL**" from 'serverCert.pem'
Sun Feb 24 19:28:32 2019 daemon.info : 07[CFG]   loaded certificate "C=AT, O=strongSwan, CN=client" from 'clientCert.pem'
Sun Feb 24 19:28:32 2019 daemon.info : 07[CFG]   id '%any' not confirmed by certificate, defaulting to 'C=AT, O=strongSwan, CN=client'
Sun Feb 24 19:28:32 2019 daemon.info : 07[CFG] added configuration 'roadwarrior'

Best regards,
Alexander

Hello,
could you post here the configuration files that you have changed?

/etc/config/network
/etc/config/firewall
/etc/ipsec.d/*
/etc/strongswan.conf
/etc/ipsec.*

I hope I didn't forget anything.

Hello,

I found the error!
I've defined 192.168.2.0/24 for my vpn and 192.168.1.0 for my LAN.
Now I changed the VPN rightsourceip to 192.168.1.51/28 and now it works.

Best regards,
Alexander
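
Added example, not part of the thread: a small check that pulls the virtual IP pool out of a charon log line like the one posted above and shows which network each `rightsourceip` value from the thread actually falls in, relative to the LAN. The LAN prefix `192.168.1.0/24` is an assumption (the post gives no prefix length), and the function names are hypothetical; how strongSwan hands out addresses within a pool is not modelled.

```python
import ipaddress
import re

# Matches the charon message seen in the posted log.
POOL_RE = re.compile(r"adding virtual IP address pool (\S+)")

def pools_from_log(lines):
    """Return the pool CIDRs announced in charon log lines."""
    return [m.group(1) for line in lines if (m := POOL_RE.search(line))]

def classify_pool(pool_cidr, lan_cidr):
    """Normalise a pool CIDR and relate its enclosing network to the LAN."""
    iface = ipaddress.ip_interface(pool_cidr)   # accepts CIDRs with host bits set
    pool = iface.network                        # enclosing network of the prefix
    lan = ipaddress.ip_network(lan_cidr)
    if pool == lan:
        relation = "same as LAN"
    elif lan.subnet_of(pool):
        relation = "contains LAN"
    elif pool.subnet_of(lan):
        relation = "inside LAN"
    else:
        relation = "disjoint"
    return {
        "written": pool_cidr,
        "network": str(pool),
        "host_bits_set": iface.ip != pool.network_address,
        "relation": relation,
    }

if __name__ == "__main__":
    # Log line copied from the first post; LAN prefix length is assumed.
    log = ["Sun Feb 24 19:28:32 2019 daemon.info : 07[CFG] "
           "adding virtual IP address pool 192.168.2.0/16"]
    lan = "192.168.1.0/24"
    # Values mentioned in the thread: the logged pool, the /24 the poster
    # intended, and the rightsourceip that worked.
    for cidr in pools_from_log(log) + ["192.168.2.0/24", "192.168.1.51/28"]:
        print(classify_pool(cidr, lan))
```
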

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).
