Need someone to test IPsec on their boxes
I'm trying to configure IPsec in OpenVZ containers. The tunnel itself works fine, but SNAT doesn't work at all. I need someone to test it on their boxes, especially with OpenVZ, because exactly the same configuration works fine on my dedicated server. It will take only 3-5 minutes of your time.
You need 64-bit Debian 7 or jessie.
% aptitude install strongswan libcharon-extra-plugins

Add to the bottom of /etc/ipsec.conf:

conn rw
    left=%any
    leftsubnet=0.0.0.0/0
    leftauth=psk
    right=%any
    rightsourceip=10.3.0.0/24
    rightdns=22.214.171.124
    rightauth=psk
    rightauth2=xauth
    auto=add

Add to the bottom of /etc/ipsec.secrets:

: PSK "psk"
test : XAUTH "test"

% iptables -t nat -I POSTROUTING -s 10.3.0.0/24 -j MASQUERADE
% service ipsec restart
Now try to connect to your IPsec tunnel (I do this from my Android smartphone). Use the "IPsec Xauth PSK" profile, "psk" as the preshared key and test/test as the username and password.
You can access the internet on your smartphone with the server IP address.
You cannot access the internet on your smartphone, while you can ping the server IP address from the smartphone and the smartphone IP (10.3.0.1) from the server.
I highly appreciate any testing results.
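
An added example, not part of the original post: a shell helper (the name snat_state is hypothetical) that reads `iptables-save -c` output and reports whether the MASQUERADE rule for 10.3.0.0/24 is loaded and whether its packet counter has moved. That separates "tunnel traffic never reaches the rule" from "SNAT is applied and the fault is elsewhere". The sample rulesets are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). snat_state is a hypothetical name.
# Reads `iptables-save -c` output on stdin and prints one of:
#   no-nat-table    the dump contains no *nat table at all
#   no-rule         nat table present, but no MASQUERADE rule for the subnet
#   rule-never-hit  rule loaded, packet counter still 0
#   rule-hit        rule loaded and packets have matched it
snat_state() {
    subnet=$1
    awk -v subnet="$subnet" '
        # Table headers look like "*nat", "*filter", ...
        /^\*/ { in_nat = ($0 == "*nat"); if (in_nat) seen_nat = 1; next }
        in_nat && /-A POSTROUTING/ && /-j MASQUERADE/ && index($0, "-s " subnet " ") {
            seen_rule = 1
            # With -c every rule starts with [packets:bytes]
            if (match($0, /^\[[0-9]+:/)) pkts += substr($0, 2, RLENGTH - 2)
        }
        END {
            if (!seen_nat)       print "no-nat-table"
            else if (!seen_rule) print "no-rule"
            else if (pkts == 0)  print "rule-never-hit"
            else                 print "rule-hit"
        }'
}

# Constructed sample: rule is loaded but nothing has matched it.
SAMPLE_NEVER_HIT='*nat
:PREROUTING ACCEPT [4:240]
:POSTROUTING ACCEPT [9:540]
[0:0] -A POSTROUTING -s 10.3.0.0/24 -j MASQUERADE
COMMIT'

# Constructed sample: client traffic is being masqueraded.
SAMPLE_HIT='*nat
:PREROUTING ACCEPT [4:240]
:POSTROUTING ACCEPT [9:540]
[37:2220] -A POSTROUTING -s 10.3.0.0/24 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_NEVER_HIT" | snat_state 10.3.0.0/24
printf '%s\n' "$SAMPLE_HIT" | snat_state 10.3.0.0/24

# On the server, as root, after a connection attempt from the phone:
#   iptables-save -c | snat_state 10.3.0.0/24
```

Run it once before and once after browsing from the connected phone; a result that stays at rule-never-hit means the client's packets are not reaching the nat POSTROUTING rule.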