<div dir="ltr">Hi Zhu,<div><br></div><div>no problem. I wish I would have :-)</div><div>But moon and sun is connected via public networks? </div><div>This is my scenario:</div><div><br></div><div><a href="http://192.168.2.0/24" target="_blank" style="font-size:12.8000001907349px">192.168.2.0/24</a><span style="font-size:12.8000001907349px"> <=> 192.168.2.1 hardware router xx.xx.xx.xx (public IP from provider) <=> Internet <=> public IP on eth0 192.168.120.125 <=> </span><a href="http://192.168.120.0/24" target="_blank" style="font-size:12.8000001907349px">192.168.120.0/24</a><span style="font-size:12.8000001907349px"> on eth1</span><br></div><div><br></div><div>I can ping from 192.168.120.125 to 192.168.2.1 and vice versa - but I can not reach any devices in the subnet...</div><div><br></div><div>Regards</div><div>Bernhard</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-05-04 10:51 GMT+02:00 zhuyj <span dir="ltr"><<a href="mailto:mounter625@163.com" target="_blank">mounter625@163.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div><span class="">Sorry. I thought your solve this
      problem already.  <br>
      Do you think that it is related with psk or pubkey? I mean that
      strongswan can support auth-based certificate very well.<br>
      Maybe there is something wrong with psk auth?<br>
      <br></span>
      Zhu Yanjun<div><div class="h5"><br>
      <br>
      On 05/04/2015 04:45 PM, zhuyj wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      
      <div>Hi, Marx<br>
        <br>
        Please let me know how to solve this problem.<br>
        <br>
        Thanks a lot.<br>
        Zhu Yanjun<br>
        <br>
        On 05/04/2015 04:22 PM, Bernhard Marx wrote:<br>
      </div>
      <blockquote type="cite">
        <div dir="ltr">Dear <span style="font-size:12.8000001907349px">Zhu,</span>
          <div><span style="font-size:12.8000001907349px"><br>
            </span></div>
          <div><span style="font-size:12.8000001907349px">I think I have
              the issue... as send a request to mail list yesterday...</span></div>
          <div><span style="font-size:12.8000001907349px"><br>
            </span></div>
          <div><span style="font-size:12.8000001907349px">Feedback I
              received is to check the routing of packets... but I cant
              identify the issue...</span></div>
          <div><span style="font-size:12.8000001907349px"><br>
            </span></div>
          <div><span style="font-size:12.8000001907349px">Regards</span></div>
          <div><span style="font-size:12.8000001907349px">Bernhard</span></div>
        </div>
        <div class="gmail_extra"><br>
          <div class="gmail_quote">2015-05-04 10:17 GMT+02:00 zhuyj <span dir="ltr"><<a href="mailto:mounter625@163.com" target="_blank">mounter625@163.com</a>></span>:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, all<br>
              <br>
              I followed this link: <a href="http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/" target="_blank">http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/</a><br>
              <br>
              I configured 4 vmare hosts. The hosts are ubuntu14.04.<br>
              <br>
              The network topology is as below.<br>
              <br>
              10.1.0.10 <---->10.1.0.1 (moon)
              192.168.0.1<----->192.168.0.2 (sun)
              10.2.0.1<---->10.2.0.10<br>
              <br>
              strongswan is 5.1.2.<br>
              <br>
              >From this link: <a href="http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/" target="_blank">http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/</a>,
              after a vpn tunnel is created,<br>
              I ran "ping 10.2.0.10" on clinet 10.1.0.10. But I can not
              get any reply from 10.2.0.10.<br>
              <br>
              I can find the icmp packets into moon. But moon will not
              forward these icmp packets.<br>
              <br>
              I exactly followed this link <a href="http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/" target="_blank">http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/</a>,
              but I can not get<br>
              the same test result with this link.<br>
              <br>
              Does any one have the similar experience?<br>
              <br>
              Any reply is appreciated.<br>
              <br>
              Thanks a lot.<br>
              Zhu Yanjun<br>
              <br>
              <br>
              _______________________________________________<br>
              Users mailing list<br>
              <a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
              <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
            </blockquote>
          </div>
          <br>
        </div>
        <br>
        <fieldset></fieldset>
        <br>
        <pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
      </blockquote>
      <br>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>