I want to set up a VPN server for my local web traffic (iPhone/iPad/MacBook).
So far I have managed to set up a basic configuration with a CA and client certificate. For the moment my client can connect to the server and access server resources, but has no route to the internet.
The server is accessible directly via its public IP (no home installation...).
What do I need to change to route all my client traffic through the VPN server and enable internet access for my clients?
Thanks in advance
/etc/ipsec.conf
config setup

conn rw
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        auto=add
        #
        #LEFT (SERVER)
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        leftcert=serverCert.pem
        #
        #RIGHT (CLIENT)
        right=%any
        rightsubnet=10.0.0.0/24
        rightsourceip=10.0.0.0/24
        rightcert=clientCert.pem
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 10.0.0.1 anywhere policy match dir in pol ipsec reqid 1 proto esp
ACCEPT all -- anywhere 10.0.0.1 policy match dir out pol ipsec reqid 1 proto esp
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Found the solution!
/etc/ipsec.conf
rightsubnet=10.0.0.0/24
iptables
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
System
sysctl net.ipv4.ip_forward=1
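An added example, not code from the question or the answer: it applies the accepted fix without duplicating rules and audits that the IPsec-policy ACCEPT rule sits before MASQUERADE in POSTROUTING (if MASQUERADE came first, traffic that should still enter the tunnel, such as client-to-client packets, would have its source rewritten). The pool 10.0.0.0/24 and the interface eth0 are taken from the post; the iptables-save fragments below are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the post's names:
# VPN address pool 10.0.0.0/24 and uplink interface eth0.
VPN_POOL="10.0.0.0/24"
WAN_IF="eth0"

# Append a rule only if an identical one is not already present (-C checks,
# -A appends), so re-running the script never duplicates rules.
add_once() {
    tbl=$1; shift
    iptables -t "$tbl" -C "$@" 2>/dev/null || iptables -t "$tbl" -A "$@"
}

# Apply the answer's NAT setup. Rule order matters: packets that still leave
# eth0 under an IPsec policy (e.g. client-to-client traffic) must be ACCEPTed
# before MASQUERADE rewrites their source address. Needs root; not run here.
apply_vpn_nat() {
    add_once nat POSTROUTING -s "$VPN_POOL" -o "$WAN_IF" \
        -m policy --dir out --pol ipsec -j ACCEPT
    add_once nat POSTROUTING -s "$VPN_POOL" -o "$WAN_IF" -j MASQUERADE
    sysctl -w net.ipv4.ip_forward=1
}

# Audit: read `iptables-save -t nat` output on stdin; succeed (exit 0) only if
# the pool's IPsec-policy ACCEPT rule is listed before its MASQUERADE rule.
audit_postrouting() {
    awk -v pool="$VPN_POOL" '
        /^-A POSTROUTING / && index($0, "-s " pool " ") {
            n++
            if (/--pol ipsec/ && /-j ACCEPT/ && !acc) acc = n
            if (/-j MASQUERADE/ && !masq) masq = n
        }
        END { exit (acc && masq && acc < masq) ? 0 : 1 }'
}

# Constructed iptables-save fragments: the state after applying the answer,
# and the same two rules in the wrong order.
SAMPLE_GOOD='*nat
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT'
SAMPLE_BAD='*nat
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
COMMIT'

# On a real host: iptables-save -t nat | audit_postrouting
printf '%s\n' "$SAMPLE_GOOD" | audit_postrouting && echo "good sample: order ok"
printf '%s\n' "$SAMPLE_BAD" | audit_postrouting || echo "bad sample: MASQUERADE first"
```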