IPsec road warrior tunnel all traffic

Hi folks,

I am trying to set up an IKEv2 road warrior scenario where all traffic from the client should be routed through the IPsec GW.
My problem is that the “no Track Chain=prerouting” disables masquerading for the clients and so no traffic is passing…

Any quick advice on how to accomplish that all traffic from the client is routed through the CHR, which is my IPsec server, and gets masqueraded to the public IP of the CHR?

With split tunneling everything works fine except for traffic on the LAN interface of the CHR, but routed subnets with distances >0 are working just fine..

Also the firewall filter forward chain is matching policies… I don’t get this no track stuff…

Cheers,

Chris
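An added example (not from any poster in this thread) of how the raw/notrack and NAT rules can be arranged so that a road-warrior pool stays connection-tracked and masqueraded while a site-to-site subnet pair still bypasses conntrack. Subnets, interface name and pool are constructed placeholders; adjust them to the CHR's real addressing.

```routeros
# --- constructed example values, replace with your own ---
# 10.99.0.0/24     : mode-config pool handed to road-warrior clients
# 10.0.0.0/24      : local LAN behind the CHR
# 192.168.50.0/24  : remote site-to-site subnet
# ether1           : public (WAN) interface of the CHR

/ip firewall raw
# notrack ONLY the site-to-site pair. A blanket
# "chain=prerouting action=notrack" would also skip conntrack for
# road-warrior traffic, and srcnat/masquerade cannot act on
# untracked packets, which is why no client traffic gets out.
add chain=prerouting action=notrack src-address=10.0.0.0/24 \
    dst-address=192.168.50.0/24 comment="s2s: bypass conntrack"
add chain=prerouting action=notrack src-address=192.168.50.0/24 \
    dst-address=10.0.0.0/24 comment="s2s: bypass conntrack"

/ip firewall nat
# Road-warrior clients (full tunnel) leave via the public IP of the CHR.
# Place this rule BEFORE any generic masquerade so the pool is matched
# explicitly; the rule stays effective because the pool is still tracked.
add chain=srcnat action=masquerade src-address=10.99.0.0/24 \
    out-interface=ether1 comment="road warrior: full tunnel masquerade"
# Keep site-to-site traffic out of NAT so the IPsec policy still matches.
add chain=srcnat action=accept src-address=10.0.0.0/24 \
    dst-address=192.168.50.0/24 comment="s2s: no NAT"

/ip firewall filter
# Permit decrypted road-warrior traffic in the forward chain. The
# ipsec-policy matcher selects packets that arrived inside an IPsec SA.
add chain=forward action=accept ipsec-policy=in,ipsec \
    src-address=10.99.0.0/24 comment="road warrior: allow forward"
# Do not fasttrack IPsec-bound traffic; it must stay in the slow path so
# policies are applied on the way out.
add chain=forward action=fasttrack-connection connection-state=established,related \
    ipsec-policy=out,none comment="fasttrack (not for IPsec)"
add chain=forward action=accept connection-state=established,related
```

Verify with `/ip firewall connection print where src-address~"10.99."` that road-warrior flows appear as tracked entries; if they are missing, a notrack rule is still catching the pool.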

If you want to use fireguard…oops wireguard LOL, it takes 10 minutes max to set up. Not familiar with ipsec and it’s best suited for an enterprise environment anyway.

Hi there, unfortunately this is no option as the ipsec config is used for always-on VPN.

Why do you have the “no Track Chain=prerouting”?
That seems to be the source of your problems…

Always on? … that is why there is a persistent keepalive setting on the wireguard client side… assuming the client device (router) is always on, the tunnel is always up.

What would be the alternative to this?
Sorry for the delayed answer.