VPN – Fix Ubuntu Can’t Ping Server but Windows Can

ipsec strongswan Ubuntu vpn

I'm having problems using a VPN connection on Ubuntu, as a client. Works well on Windows. Ubuntu does not receive the route table…

Scenario:

Server: Centos 7 with Strongswan (Ipsec, IKEv2)

Static IP set to 10.0.77.1

/etc/sysconfig/network-scripts/ifcfg-eth0:0

DEVICE=eth0:0
BOOTPROTO=static
IPADDR=10.0.77.1
NETMASK=255.255.255.0

VPN config – ipsec.conf (only the main piece):

auto=add
compress=yes
type=tunnel
keyexchange=ikev2
ike=...
esp=...
fragmentation=yes
forceencaps=yes
dpdaction=clear
dpddelay=300s
rekey=no
left=%any
leftid=@myserver.com
leftcert=fullchain.pem
leftsendcert=always
leftsubnet=10.0.77.0/24
leftsourceip=10.0.77.1/32
right=%any
rightid=%any
rightauth=eap-mschapv2
rightsourceip=10.0.77.2-10.0.77.9
rightdns=10.0.77.1
rightsendcert=never
eap_identity=%identity

So, the server is 10.0.77.1 and clients will receive an IP between 10.0.77.2 and 10.0.77.9 (same subnet).

Client: Windows 10

Native client, connects and pings 10.0.77.1 fine.

Route table:

      10.0.0.0        255.0.0.0      10.0.77.17     26
    10.0.77.17  255.255.255.255      10.0.77.17    281
10.255.255.255  255.255.255.255      10.0.77.17    281

Client: Ubuntu 20.04 with Strongswan installed

Can connect normally, but cannot ping 10.0.77.1 and has no route entries to 10.*

Any ideas? Thanks a lot.


Update

Not related to the route table. Thanks to @ecdsa: ip route list table 220


Solution

I realized that the problem was related to the server firewall. A single iptables rule fixed the problem:

iptables -I INPUT -m policy --pol ipsec --dir in -j ACCEPT

Best Answer

I realized that when I stop iptables, it works.

After some hours trying, I found an iptables rule that fixed the problem:

iptables -I INPUT -m policy --pol ipsec --dir in -j ACCEPT

Now I can ping the host from Ubuntu and open TCP connections on the server.
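
An added example, not part of the original answer: a simplified check that reads `iptables -S INPUT` output and reports whether an accept rule for decapsulated IPsec traffic is reached before the first unconditional DROP/REJECT. The function name `ipsec_input_verdict` and both sample rulesets are constructed for illustration; rules with match conditions other than the policy match are not evaluated.

```shell
#!/bin/sh
# Reads `iptables -S INPUT` lines on stdin and prints one verdict:
#   accepted rule=N      policy-ipsec ACCEPT found at rule N, before any catch-all
#   blocked rule=N       unconditional DROP/REJECT at rule N comes first
#   blocked policy=DROP  no matching rule and the chain policy is DROP
#   fallthrough policy=X no matching rule, chain policy X decides
ipsec_input_verdict() {
    awk '
    BEGIN { policy = "unknown" }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        n++
        # Match the policy module options in either order.
        is_ipsec = ($0 ~ /-m policy/ && $0 ~ /--pol ipsec/ && $0 ~ /--dir in/)
        if (is_ipsec && $0 ~ /-j ACCEPT/) { print "accepted rule=" n; done = 1; exit }
        # Catch-all: a rule with no match conditions, "-A INPUT -j DROP|REJECT".
        if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) {
            print "blocked rule=" n; done = 1; exit
        }
    }
    END {
        if (done) exit
        if (policy == "DROP") print "blocked policy=DROP"
        else print "fallthrough policy=" policy
    }'
}

# Constructed sample: IKE/NAT-T ports are open, so the tunnel comes up,
# but decapsulated packets fall through to the final REJECT.
BEFORE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: the same chain after the rule from the answer was
# inserted with -I, which places it at position 1.
AFTER='-P INPUT ACCEPT
-A INPUT -m policy --dir in --pol ipsec -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | ipsec_input_verdict)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | ipsec_input_verdict)"
```

On a live server the same function can be fed with `iptables -S INPUT | ipsec_input_verdict` (run as root).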
