Skip to content

Instantly share code, notes, and snippets.

@dunkelstern
Created August 7, 2016 19:14
Show Gist options
  • Save dunkelstern/07b3e0185467cfdbbfb224e9f01967da to your computer and use it in GitHub Desktop.
Save dunkelstern/07b3e0185467cfdbbfb224e9f01967da to your computer and use it in GitHub Desktop.
iptables rules for vpn config
# for ISAKMP (handling of security associations)
iptables -A INPUT -p udp --dport 500 --j ACCEPT
# for NAT-T (handling of IPsec between natted devices)
iptables -A INPUT -p udp --dport 4500 --j ACCEPT
# for ESP payload (the encrypted data packets)
iptables -A INPUT -p esp -j ACCEPT
# for the routing of packets on the server
iptables -t nat -A POSTROUTING -j SNAT --to-source %IP% -o eth0
# internet access
iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -j MASQUERADE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment