<html><head></head><body>Please post the output of<br>
<br>
ip route show<br><br><div class="gmail_quote">On 29 July 2014 23:24:33 EEST, Joe Ryan <jr@aphyt.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Hello Everyone,<br /><br />I have a DigitalOcean VPS running Ubuntu 12.04 that I want to connect to <br />with a BeagleBone running Debian so that I can access all of the devices <br />on the same subnet as the BeagleBone, and not have to worry about an IT <br />department opening ports. I have tried this with both StrongSwan 4.5.2 <br />and 5.2.0 and have the same result, so I'm sure it's my configuration. <br />After bringing up the connection everything negotiates as expected, <br />and the final line of ipsec status all is machinetun{1}: 10.128.0.0/16 <br />=== 192.168.250.0/24 where machinetun is the connection, 10.128.0.0/16 is <br />a private network on DigitalOcean and the 192.168.250.0/24 is a private <br />network on my machine. My logs show the CHILD_SA being established and <br />rekeyed as expected, with keep alive packets going out frequently, and <br />nothing to suggest a problem.<br /><br />At this point I would hope that I would be able to ping the gateway on <br />my machine, 192.168.250.60 from the DigitalOcean VPS private IP address <br />using one of the following:<br /><br />#ping the BeagleBone gateway from DO<br />ping 192.168.250.60<br />#ping the BeagleBone gateway with an interface on the DO private network<br />ping -I 10.128.120.160 192.168.250.60<br /><br />But get no results in this direction or the reverse.<br /><br />I also have net.ipv4.ip_forward 1 on both machines.<br /><br />My configurations are below, and I hope someone might have a good idea <br />what direction I can look in to figure out what I've done wrong.<br /><br /># BeagleBone Conf<br />config setup<br /> strictcrlpolicy=no<br /> charondebug=1<br />conn %default<br /> ikelifetime=60m<br /> keylife=20m<br /> rekeymargin=3m<br /> keyingtries=%forever<br /> keyexchange=ikev2<br /> left=%any<br /> leftcert=beagleCert.der<br /> leftid=beagle@hostname.com<br /> lefthostaccess=yes<br /> leftfirewall=yes<br /><br />conn machinetun<br /> leftsourceip=%config<br /> leftsubnet=192.168.250.0/24<br /> right=hostname.com<br /> rightid=@hostname.com<br /> rightsubnet=10.128.0.0/16<br /> auto=start<br /><br /># DigitalOcean Conf<br />config setup<br /> strictcrlpolicy=no<br />conn %default<br /> ikelifetime=60m<br /> keylife=20m<br /> rekeymargin=3m<br /> keyingtries=1<br /> keyexchange=ikev2<br /> left=%any<br /> leftcert=svCert.der<br /> leftid=@hostname.com<br /> lefthostaccess=yes<br /> leftfirewall=yes<br /><br />conn machinetun<br /> leftsubnet=10.128.0.0/16<br /> right=%any<br /> rightsubnet=192.168.250.0/24<br /> rightid=beagle@hostname.com<br /> rightsourceip=10.128.0.50<br /> auto=add<br /><br />Thank you,<br />Joe<br /><hr /><br />Users mailing list<br />Users@lists.strongswan.org<br /><a href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a><br /></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>