Closed gugajazz closed 1 year ago
@gugajazz Why did you close this issue? I have encountered the same problem. Do you have any solution for it?
Sorry, I didn't think anyone else was facing the same issue. Yes, I have figured out a solution; I will write here what I did as soon as I have time today :) A quick explanation is that, essentially, instead of trying to reach the service through the external IP and an open port in the router, it works well if we try to reach it using the internal IP of the machine running it (no need for open ports). I will explain better soon though; I hope I can help.
The issue
I have this VPN running in a Docker container. When I connect to it using IKEv2 everything works well, and going to "What is my IP" shows me the VPN's IP as expected. I also have a service on a different port on that same computer. When I am connected to the VPN and go to access that service, the packets the service receives are from my original IP and not from the VPN's IP or even from an internal IP. It's crucial for me to be able to distinguish when someone is accessing my service after authenticating with the VPN or before, and because of this behavior I am unable to.
I have confirmed that all the packages from the connected client show the VPN's IP when going to external IPs, but when going to the same IP as the VPN they show the source IP as coming from the actual client's IP.
I am analyzing the packages with
sudo tcpdump -i enp5s0 -n dst port 52443
so the UFW rules shouldn't affect what I'm seeing. This is an example:
20:28:42.043831 IP {theClient'sIP}.7928 > 192.168.1.200.52443: Flags [S], seq 1645898948, win 64240, options [mss 1420,nop,wscale 8,nop,nop,sackOK], length 0
In here I would like to see either a local IP or the VPN's IP instead of {theClient'sIP}.
Expected behavior
I expected that the service at 52443 would be able to tell by the source address whether the user was connected to the VPN or not, be that because the IP was the same as the VPN's or because it was an internal IP.
Logs
These are the contents of my ikev2.conf. Maybe the solution is in one of these settings, but I have read everything in these documents https://libreswan.org/man/ipsec.conf.5.html like 5 times and nothing got it to work.
These are my IPTables rules
Server
Client
Additional context
I have read and tried almost everything for countless hours; any help is seriously appreciated, and sorry if this is more appropriate for the Libreswan or the Docker ipsec repo. Thanks in advance, and thanks for the amazing solution that is this repo.
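As an added example (not code from this issue or from the project), here is a small Python check that parses tcpdump lines in the format quoted above and classifies each source address against a VPN client pool and a LAN range. The pool, the LAN range and every address in the sample capture are assumptions constructed for illustration; it shows why a source-address check only works once the service is reached via the internal IP, since a client arriving through the public IP and router port shows up as external.

```python
import ipaddress
import re

# Constructed sample capture in the format of `tcpdump -i enp5s0 -n dst port 52443`.
# The addresses are made up: 203.0.113.45 plays the client's real (external) IP,
# 192.168.43.10 an address leased from the VPN client pool, 192.168.1.50 a LAN host.
SAMPLE_CAPTURE = """\
20:28:42.043831 IP 203.0.113.45.7928 > 192.168.1.200.52443: Flags [S], seq 1645898948, win 64240, length 0
20:28:43.100000 IP 192.168.43.10.50122 > 192.168.1.200.52443: Flags [S], seq 1, win 64240, length 0
20:28:44.200000 IP 192.168.1.50.40000 > 192.168.1.200.52443: Flags [S], seq 2, win 64240, length 0
20:28:45.300000 IP 192.168.1.50.40001 > 192.168.1.200.443: Flags [S], seq 3, win 64240, length 0
"""

# Assumed address plan (not taken from the issue): adjust to the real IKEv2
# client pool and LAN before using this against a real capture.
VPN_CLIENT_POOL = ipaddress.ip_network("192.168.43.0/24")
LAN = ipaddress.ip_network("192.168.1.0/24")

# Matches "<time> IP <src>.<sport> > <dst>.<dport>:" at the start of a tcpdump line.
TCPDUMP_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_line(line):
    """Return src/sport/dst/dport for one tcpdump line, or None if it does not match."""
    m = TCPDUMP_RE.match(line)
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]),
        "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
    }


def classify(src):
    """Label a source address: 'vpn' (from the client pool), 'lan', or 'external'."""
    if src in VPN_CLIENT_POOL:
        return "vpn"
    if src in LAN:
        return "lan"
    return "external"


def classify_capture(text, service_port=52443):
    """Classify every connection attempt to the service port; returns (src, label) pairs."""
    result = []
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt and pkt["dport"] == service_port:
            result.append((str(pkt["src"]), classify(pkt["src"])))
    return result
```

A service gating on "label == vpn" would reject the first sample line, which is exactly the symptom described in the issue when the client connects via the router's public IP.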