Question

I want to set up a VPN server for my local web traffic (iPhone/iPad/MacBook).

So far I have managed to set up a basic configuration with a CA and client certificate. For the moment my client can connect to the server and access server resources, but has no route to the internet.

The server is directly accessible via a public IP (no home installation...).

What do I need to change to route all my client traffic through the VPN server and enable internet access for my clients?

Thanks in advance

/etc/ipsec.conf

config setup

conn rw
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    auto=add
    #
    #LEFT (SERVER)
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    leftcert=serverCert.pem
    #
    #RIGHT (CLIENT)
    right=%any
    rightsubnet=10.0.0.0/24
    rightsourceip=10.0.0.0/24
    rightcert=clientCert.pem

iptables --list

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.0.1             anywhere             policy match dir in pol ipsec reqid 1 proto esp
ACCEPT     all  --  anywhere             10.0.0.1             policy match dir out pol ipsec reqid 1 proto esp

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The solution

Found the solution!

/etc/ipsec.conf

rightsubnet=10.0.0.0/24

iptables

# Exclude traffic that will still be IPsec-encapsulated on the way out (replies to
# clients, client-to-client) from NAT, so its source address stays inside the SA's selectors
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
# Masquerade everything else from the client pool that leaves via eth0 to the internet
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

System

sysctl net.ipv4.ip_forward=1
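The answer above gives the three changes separately. The script below is an added example, not code from the original question or answer: it applies them idempotently (re-running it does not duplicate rules), sets the FORWARD policy to DROP (reasonable here because the question's listing shows leftfirewall=yes already inserting per-client FORWARD rules in both directions), and checks afterwards that the ipsec exclusion still precedes MASQUERADE, which is the ordering the answer's two NAT rules depend on. The interface name eth0 and the pool 10.0.0.0/24 are taken from the page; nat_rules, apply_rule and check_nat_order are helpers written for this example, and the sysctl.d file name is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original question or answer: applies the
# answer's three changes (ip_forward, NAT exclusion for IPsec-bound traffic,
# MASQUERADE) idempotently and verifies the NAT rule order afterwards.
# Assumptions: uplink interface eth0 and client pool 10.0.0.0/24 as on the
# page; nat_rules, apply_rule and check_nat_order are helpers for this example.
set -eu

VPN_POOL="${VPN_POOL:-10.0.0.0/24}"   # must match rightsourceip in ipsec.conf
WAN_IF="${WAN_IF:-eth0}"              # interface that reaches the internet
IPT="${IPT:-iptables}"                # set IPT=echo to print instead of apply

# POSTROUTING rules for one pool/interface pair, in the order they must be
# applied: the ipsec policy exclusion first, MASQUERADE second. If MASQUERADE
# came first, a packet that is still going to be tunnelled (a reply to a
# client, or client-to-client traffic) would get its source rewritten to the
# server's address and no longer match the SA's traffic selectors.
nat_rules() {
    pool=$1; ifc=$2
    printf '%s\n' \
        "-t nat -A POSTROUTING -s $pool -o $ifc -m policy --dir out --pol ipsec -j ACCEPT" \
        "-t nat -A POSTROUTING -s $pool -o $ifc -j MASQUERADE"
}

# Append a rule only if it is not already present (-C returns 0 when it is),
# so the script can be re-run without duplicating rules.
apply_rule() {
    rule=$1
    check=$(printf '%s' "$rule" | sed 's/ -A / -C /')
    # shellcheck disable=SC2086  # intentional word splitting of the rule text
    if ! $IPT $check >/dev/null 2>&1; then
        $IPT $rule
    fi
}

# Read `iptables -t nat -S POSTROUTING` output on stdin and verify the order.
# Returns 0 if the exclusion precedes MASQUERADE, 1 if MASQUERADE comes first,
# 2 if either rule is missing.
check_nat_order() {
    pool=$1; ifc=$2
    rules=$(cat)
    excl=$(printf '%s\n' "$rules" \
        | grep -n -- "-s $pool -o $ifc -m policy --dir out --pol ipsec -j ACCEPT" \
        | cut -d: -f1 | head -n1)
    masq=$(printf '%s\n' "$rules" \
        | grep -n -- "-s $pool -o $ifc -j MASQUERADE" \
        | cut -d: -f1 | head -n1)
    [ -n "$excl" ] && [ -n "$masq" ] || return 2
    [ "$excl" -lt "$masq" ] || return 1
    return 0
}

main() {
    sysctl -w net.ipv4.ip_forward=1
    # Persist across reboots (assumed file name; adjust for your distribution).
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-vpn-forward.conf
    nat_rules "$VPN_POOL" "$WAN_IF" | while IFS= read -r r; do apply_rule "$r"; done
    # The question's listing shows leftfirewall=yes adding per-client FORWARD
    # rules for both directions, so the chain can default to DROP instead of
    # ACCEPT: only IPsec-matched traffic is then forwarded at all.
    $IPT -P FORWARD DROP
    if ! $IPT -t nat -S POSTROUTING | check_nat_order "$VPN_POOL" "$WAN_IF"; then
        echo "POSTROUTING: MASQUERADE precedes the ipsec exclusion, or a rule is missing" >&2
        exit 1
    fi
}

# Run only when explicitly requested (needs root):  APPLY=1 sh vpn-nat.sh
if [ "${APPLY:-0}" = 1 ]; then main; fi
```

Run it as root with APPLY=1 sh vpn-nat.sh, or with IPT=echo APPLY=1 to see the commands without applying them. Note that leftsubnet=0.0.0.0/0 in the question's ipsec.conf is what makes the clients send all their traffic into the tunnel in the first place; the NAT rules only matter once that is in place, and FORWARD DROP is only appropriate on a host that forwards nothing but VPN traffic.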
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow