@kakoni
Created July 5, 2019 15:04
ufw and strongswan
# /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
# /etc/ufw/before.rules
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# another before.rules variant (different VPN subnet and outgoing interface)
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to venet0
-A POSTROUTING -s 10.168.1.0/24 -o venet0 -j MASQUERADE
COMMIT
and
sudo ufw allow 22/tcp    # SSH
sudo ufw allow 443/tcp
sudo ufw allow 500/udp   # IKE
sudo ufw allow 4500/udp  # IPsec NAT-T
sudo ufw enable
or, alternatively:
...
# Don't delete these required lines, otherwise there will be errors
*nat
# Traffic that will be IPsec-encrypted must bypass NAT; keep this rule before the MASQUERADE rule
-A POSTROUTING -s 10.10.7.0/24 -o enp0s3 -m policy --pol ipsec --dir out -j ACCEPT
-A POSTROUTING -s 10.10.7.0/24 -o enp0s3 -j MASQUERADE
COMMIT
*mangle
# Clamp TCP MSS on tunnelled flows so ESP overhead does not cause fragmentation
-A FORWARD --match policy --pol ipsec --dir in -s 10.10.7.0/24 -o enp0s3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
COMMIT
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines
# Forward ESP-protected traffic for the VPN subnet in both directions
-A ufw-before-forward --match policy --pol ipsec --dir in --proto esp -s 10.10.7.0/24 -j ACCEPT
-A ufw-before-forward --match policy --pol ipsec --dir out --proto esp -d 10.10.7.0/24 -j ACCEPT
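An added check for the *nat ordering in the fragment above (example code, not part of this gist): the ipsec-policy ACCEPT rule has to come before the MASQUERADE rule for the same subnet, otherwise IPsec-bound packets get source-NATed first and no longer match the SA selectors. The two sample fragments are constructed, reusing the gist's subnet and interface names, and are written to temporary files.

```shell
#!/bin/sh
# Added example, not part of the gist: lint an iptables-restore fragment
# (a before.rules *nat table) for the rule-ordering pitfall. The
# "-m policy --pol ipsec --dir out -j ACCEPT" rule must precede the
# MASQUERADE rule for the same subnet. Exit status 0 = ordering is fine.
check_nat_order() {
    awk '
        /^\*/     { table = substr($0, 2) }      # table header: *nat, *mangle, ...
        /^COMMIT/ { table = "" }
        table != "nat" || $0 !~ /^-A POSTROUTING/ { next }
        {
            subnet = ""
            for (i = 1; i <= NF; i++) if ($i == "-s") subnet = $(i + 1)
            if (subnet == "") next
            if ($0 ~ /(-m|--match) policy/ && $0 ~ /--pol ipsec/ &&
                $0 ~ /--dir out/ && $0 ~ /-j ACCEPT/)
                bypass[subnet] = 1                # IPsec-bound traffic skips NAT
            else if ($0 ~ /-j MASQUERADE/ && !(subnet in bypass)) {
                printf "NAT ordering problem: MASQUERADE for %s has no preceding ipsec bypass (line %d)\n", subnet, NR
                bad = 1
            }
        }
        END { if (bad) exit 1 }
    ' "$1"
}

# Constructed sample fragments (subnet and interface taken from the gist).
GOOD_RULES=$(mktemp); BAD_RULES=$(mktemp)
cat > "$GOOD_RULES" <<'EOF'
*nat
-A POSTROUTING -s 10.10.7.0/24 -o enp0s3 -m policy --pol ipsec --dir out -j ACCEPT
-A POSTROUTING -s 10.10.7.0/24 -o enp0s3 -j MASQUERADE
COMMIT
EOF
cat > "$BAD_RULES" <<'EOF'
*nat
-A POSTROUTING -s 10.10.7.0/24 -o enp0s3 -j MASQUERADE
-A POSTROUTING -s 10.10.7.0/24 -o enp0s3 -m policy --pol ipsec --dir out -j ACCEPT
COMMIT
EOF

check_nat_order "$GOOD_RULES" && echo "good fragment: ok"
check_nat_order "$BAD_RULES"  || echo "bad fragment: rejected as expected"
```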