[strongSwan] proxmox with strongswan

Karol Czachorowski narel at utumno.pl
Wed Nov 5 22:08:58 CET 2014


Hi,

I have two Proxmox servers with a tunnel between them. One host has
internal network 10.99.5.0/24 and the second 10.99.6.0/24. They can see
each other (so ping from 10.99.5.2 to 10.99.6.2 works).

Both servers have OpenVZ containers connected to the bridged interface.
Containers from 10.99.5.0/24 cannot ping any host from 10.99.6.0/24 and
vice versa.

Here are the iptables logs from host 10.99.5.2 (proxmox host) when trying to
ping it from 10.99.6.106 (container):

Nov  5 21:52:15 gondolin kernel: IN=vmbr0 OUT=
MAC=d4:3d:7e:e2:fd:68:3c:94:d5:4b:1d:1f:08:00 SRC=10.99.6.106
DST=10.99.5.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8
CODE=0 ID=10932 SEQ=3

And here is the log from 10.99.6.106 (container) when trying to ping it
from 10.99.5.2 (proxmox host):

Nov  5 21:53:53 morsy kernel: IN=eth0 OUT=
MAC=a2:96:3e:87:22:3a:02:9a:78:e9:fe:fa:08:00 SRC=10.99.5.2
DST=10.99.6.106 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP
TYPE=8 CODE=0 ID=9142 SEQ=3

In both cases there are no responses. But when trying from 10.99.5.2
(proxmox host) to 10.99.6.2 (proxmox host) everything is OK:

Nov  5 21:55:36 nevrast kernel: IN=vmbr0 OUT=
MAC=d4:3d:7e:f8:ee:60:54:e0:32:f2:a5:12:08:00 SRC=10.99.5.2
DST=10.99.6.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8
CODE=0 ID=9674 SEQ=22
Nov  5 21:55:36 nevrast kernel: IN= OUT=vmbr0 SRC=10.99.6.2
DST=10.99.5.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2466 PROTO=ICMP TYPE=0
CODE=0 ID=9674 SEQ=22

How can I diagnose such a problem? Any thoughts? I'm not sure if it's related
to Strongswan, Proxmox or my network setup...

thanks,
Karol
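
Added example (not part of the original post): a small Python script that pairs ICMP echo requests with echo replies in kernel LOG lines like the ones above, per logging host, and lists the requests for which no reply was logged. The sample input is the post's log excerpts with each wrapped entry joined onto one line; the function names are this example's own.

```python
import re

# Constructed sample: the log entries quoted in the post, each joined back
# onto a single line (the mail client had wrapped them).
SAMPLE_LOG = """\
Nov  5 21:52:15 gondolin kernel: IN=vmbr0 OUT= MAC=d4:3d:7e:e2:fd:68:3c:94:d5:4b:1d:1f:08:00 SRC=10.99.6.106 DST=10.99.5.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10932 SEQ=3
Nov  5 21:53:53 morsy kernel: IN=eth0 OUT= MAC=a2:96:3e:87:22:3a:02:9a:78:e9:fe:fa:08:00 SRC=10.99.5.2 DST=10.99.6.106 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9142 SEQ=3
Nov  5 21:55:36 nevrast kernel: IN=vmbr0 OUT= MAC=d4:3d:7e:f8:ee:60:54:e0:32:f2:a5:12:08:00 SRC=10.99.5.2 DST=10.99.6.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9674 SEQ=22
Nov  5 21:55:36 nevrast kernel: IN= OUT=vmbr0 SRC=10.99.6.2 DST=10.99.5.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2466 PROTO=ICMP TYPE=0 CODE=0 ID=9674 SEQ=22
"""

# The first ID= is the IP header ID; the ICMP echo ID is the one after CODE=.
ENTRY = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=ICMP "
    r"TYPE=(?P<type>\d+) CODE=\d+ ID=(?P<icmp_id>\d+) SEQ=(?P<seq>\d+)"
)


def parse(log_text):
    """Yield one dict per ICMP LOG entry; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield m.groupdict()


def unanswered_echo_requests(log_text):
    """Return (host, src, dst, seq) for echo requests with no logged reply.

    A reply (TYPE=0) matches a request (TYPE=8) when it was logged on the same
    host with SRC/DST swapped and the same ICMP ID and SEQ. A missing entry only
    means no reply was logged there: check that a LOG rule covers that path.
    """
    entries = list(parse(log_text))
    replies = {(e["host"], e["src"], e["dst"], e["icmp_id"], e["seq"])
               for e in entries if e["type"] == "0"}
    missing = []
    for e in entries:
        key = (e["host"], e["dst"], e["src"], e["icmp_id"], e["seq"])
        if e["type"] == "8" and key not in replies:
            missing.append((e["host"], e["src"], e["dst"], int(e["seq"])))
    return missing


if __name__ == "__main__":
    for host, src, dst, seq in unanswered_echo_requests(SAMPLE_LOG):
        print(f"{host}: echo request {src} -> {dst} seq={seq} has no logged reply")
```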

