<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:微软雅黑
}
--></style>
</head>
<body class='hmmessage'>
Hi All:<div><br></div>
<div>I've built an environment as below (ref to: http://www.strongswan.org/uml/testresults44/ikev2/dhcp-dynamic/):</div>
<div><br></div>
<div>client(10.1.0.122)&lt;-----&gt;Server(10.1.0.1)&lt;------&gt;DHCP Server(10.1.0.111)</div>
<div><br></div>
<div>When I set up the IPsec tunnel:</div>
<div><br></div>
<div>On the Server: ipsec statusall</div>
<div><br></div>
<div><div>Status of IKEv2 charon daemon (strongSwan 4.4.0):</div>
<div> uptime: 10 minutes, since Oct 19 23:21:35 2010</div>
<div> worker threads: 7 idle of 16, job queue load: 0, scheduled events: 12</div>
<div> loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac gmp attr kernel-netlink socket-raw farp stroke updown dhcp resolve</div>
<div>Listening IP addresses:</div>
<div> 192.168.0.7</div>
<div> 10.1.0.1</div>
<div>Connections:</div>
<div> host-host: 192.168.0.7...%any</div>
<div> host-host: local: [server@xxx.com] uses public key authentication</div>
<div> host-host: cert: "..."</div>
<div> host-host: remote: [%any] uses any authentication</div>
<div> host-host: child: 10.1.0.0/24 === dynamic</div>
<div>Security Associations:</div>
<div> host-host[6]: ESTABLISHED 73 seconds ago, 192.168.0.7[server@xxx.com]...192.168.0.244[client@xxx.com]</div>
<div> host-host[6]: IKE SPIs: 8eda650302432f45_i 5cb16539b1929ca6_r*, public key reauthentication in 54 minutes</div>
<div> host-host[6]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048</div>
<div> host-host{6}: INSTALLED, TUNNEL, ESP in UDP SPIs: cdad6a02_i cf364694_o</div>
<div> host-host{6}: AES_CBC_128/HMAC_SHA1_96, 6132 bytes_i, 0 bytes_o, rekeying in 13 minutes</div>
<div> host-host{6}: 10.1.0.0/24 === 10.1.0.122/32</div></div>
<div><br></div>
<div>I can ping the Server from the client with the command: ping 10.1.0.1 -I 10.1.0.122</div>
<div>but I cannot ping the DHCP Server: ping 10.1.0.111 -I 10.1.0.122</div>
<div><br></div>
<div>When I run tcpdump on the Server (10.1.0.1),</div>
<div>I only see a ping packet from 10.1.0.1 to 10.1.0.111</div>
<div>but no answer from 10.1.0.111 to 10.1.0.1.</div>
<div><br></div>
<div>/proc/sys/net/ipv4/ip_forward is set to 1.</div>
<div><br></div>
<div>Is there anything wrong?</div>
<div><br></div>
<div><br></div> </body>
</html>