<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      Would you like to explain it in details?<br>
      You mean that we should set VPN as default gateway?<br>
      <br>
      Thanks a lot.<br>
      Zhu Yanjun<br>
      On 05/06/2015 02:44 PM, Bernhard Marx wrote:<br>
    </div>
    <blockquote
cite="mid:CANg3f_7MqZE16VG__F+Fg9g9TpYUaNr3iSGJxpR_eRxOq5j5zA@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi all,
        <div><br>
        </div>
        <div>for my issue I could resolve it with adding a routing rule
          to all clients, because the VPN is not the default gateway for
          <a moz-do-not-send="true" href="http://192.168.120.0/24">192.168.120.0/24</a>
          network...</div>
        <div><br>
        </div>
        <div>Bernhard</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">2015-05-05 5:12 GMT+02:00 zhuyj <span
            dir="ltr"><<a moz-do-not-send="true"
              href="mailto:mounter625@163.com" target="_blank">mounter625@163.com</a>></span>:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, Noel<br>
            <br>
            This is the output of forwarding on sun:<span class=""><br>
              <br>
              root@strongswan2:~# cat /proc/sys/net/ipv4/ip_forward<br>
              1<br>
            </span>
            root@strongswan2:~# cat /proc/sys/net/ipv4/conf/<br>
            all/     default/ eth0/    eth1/    eth2/    lo/<br>
            root@strongswan2:~# cat
            /proc/sys/net/ipv4/conf/all/forwarding<br>
            1<br>
            root@strongswan2:~# cat
            /proc/sys/net/ipv4/conf/default/forwarding<br>
            1<br>
            root@strongswan2:~# cat
            /proc/sys/net/ipv4/conf/eth0/forwarding<br>
            1<br>
            root@strongswan2:~# cat
            /proc/sys/net/ipv4/conf/eth1/forwarding<br>
            1<br>
            root@strongswan2:~# cat
            /proc/sys/net/ipv4/conf/eth2/forwarding<br>
            1<br>
            <br>
            When I run "ping 10.2.0.1" on moon, I run "ipsec statusall"
            on sun<br>
            <br>
            On moon:<br>
            <br>
            root@strongswan1:~# ping 10.2.0.1<span class=""><br>
              PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data.<br>
            </span>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=1 ttl=64 time=0.410 ms<br>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=2 ttl=64 time=0.285 ms<br>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=3 ttl=64 time=0.338 ms<br>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=4 ttl=64 time=0.373 ms<br>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=5 ttl=64 time=0.300 ms<br>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=6 ttl=64 time=0.424 ms<br>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=7 ttl=64 time=3.11 ms<br>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=8 ttl=64 time=0.422 ms<br>
            64 bytes from <a moz-do-not-send="true"
              href="http://10.2.0.1" target="_blank">10.2.0.1</a>:
            icmp_seq=9 ttl=64 time=2.88 ms<br>
            ^C<span class=""><br>
              --- 10.2.0.1 ping statistics ---<br>
            </span>
            9 packets transmitted, 9 received, 0% packet loss, time
            7998ms<br>
            rtt min/avg/max/mdev = 0.285/0.950/3.115/1.098 ms<br>
            <br>
            On Sun<br>
            <br>
            root@strongswan2:~# ipsec statusall<br>
            Status of IKE charon daemon (strongSwan 5.1.2, Linux
            3.19.0-15-generic, x86_64):<br>
              uptime: 19 minutes, since May 05 10:36:17 2015<br>
              malloc: sbrk 1486848, mmap 0, used 353968, free 1132880<br>
              worker threads: 11 of 16 idle, 5/0/0/0 working, job queue:
            0/0/0/0, scheduled: 2<br>
              loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4
            md5 random nonce x509 revocation constraints pkcs1 pkcs7
            pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr
            kernel-netlink resolve socket-default stroke updown
            eap-identity addrblock<br>
            Listening IP addresses:<br>
              128.224.162.165<br>
              11:2233:4455:6677:20c:29ff:fe70:bf88<br>
              192.168.0.2<br>
              11:2233:4455:6677:20c:29ff:fe70:bf92<br>
              10.2.0.1<br>
              11:2233:4455:6677:20c:29ff:fe70:bf9c<br>
            Connections:<br>
                 net-net:  192.168.0.2...192.168.0.1  IKEv1<br>
                 net-net:   local:  [<a moz-do-not-send="true"
              href="http://sun.strongswan.org" target="_blank">sun.strongswan.org</a>]
            uses pre-shared key authentication<br>
                 net-net:   remote: [<a moz-do-not-send="true"
              href="http://moon.strongswan.org" target="_blank">moon.strongswan.org</a>]
            uses pre-shared key authentication<br>
                 net-net:   child:  <a moz-do-not-send="true"
              href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
            <a moz-do-not-send="true" href="http://10.1.0.0/16"
              target="_blank">10.1.0.0/16</a> TUNNEL<br>
            Routed Connections:<br>
                 net-net{1}:  ROUTED, TUNNEL<br>
                 net-net{1}:   <a moz-do-not-send="true"
              href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
            <a moz-do-not-send="true" href="http://10.1.0.0/16"
              target="_blank">10.1.0.0/16</a><br>
            Security Associations (1 up, 0 connecting):<br>
                 net-net[1]: ESTABLISHED 19 minutes ago, 192.168.0.2[<a
              moz-do-not-send="true" href="http://sun.strongswan.org"
              target="_blank">sun.strongswan.org</a>]...192.168.0.1[<a
              moz-do-not-send="true" href="http://moon.strongswan.org"
              target="_blank">moon.strongswan.org</a>]<br>
                 net-net[1]: IKEv1 SPIs: 7233e70c634fa8aa_i
            eb8634d7b0b00874_r*, pre-shared key reauthentication in 37
            minutes<br>
                 net-net[1]: IKE proposal:
            AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048<br>
                 net-net{1}:  REKEYING, TUNNEL, expires in 5 minutes<br>
                 net-net{1}:   <a moz-do-not-send="true"
              href="http://10.2.0.0/16" target="_blank">10.2.0.0/16</a>
            === <a moz-do-not-send="true" href="http://10.1.0.0/16"
              target="_blank">10.1.0.0/16</a><br>
                 net-net{1}:  INSTALLED, TUNNEL, ESP SPIs: c043a424_i
            cf9ecbf3_o<br>
                 net-net{1}:  AES_CBC_128/HMAC_SHA1_96, 420 bytes_i (5
            pkts, 2s ago), 420 bytes_o (5 pkts, 2s ago), rekeying in 15
            minutes <----I can see the input/output packets.<br>
                 net-net{1}:   <a moz-do-not-send="true"
              href="http://10.2.0.0/16" target="_blank">10.2.0.0/16</a>
            === <a moz-do-not-send="true" href="http://10.1.0.0/16"
              target="_blank">10.1.0.0/16</a><br>
            <br>
            But when I run "ping 10.2.0.10" on Moon, I run "ipsec
            statusall" on Sun.<br>
            <br>
            On Moon:<br>
            <br>
            root@strongswan1:~# ping 10.2.0.10<span class=""><br>
              PING 10.2.0.10 (10.2.0.10) 56(84) bytes of data.<br>
            </span>
            ^C<span class=""><br>
              --- 10.2.0.10 ping statistics ---<br>
            </span>
            13 packets transmitted, 0 received, 100% packet loss, time
            12095ms<br>
            <br>
            On Sun:<br>
            <br>
            root@strongswan2:~# ipsec statusall<br>
            Status of IKE charon daemon (strongSwan 5.1.2, Linux
            3.19.0-15-generic, x86_64):<br>
              uptime: 24 minutes, since May 05 10:36:18 2015<br>
              malloc: sbrk 1486848, mmap 0, used 353968, free 1132880<br>
              worker threads: 11 of 16 idle, 5/0/0/0 working, job queue:
            0/0/0/0, scheduled: 2<br>
              loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4
            md5 random nonce x509 revocation constraints pkcs1 pkcs7
            pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr
            kernel-netlink resolve socket-default stroke updown
            eap-identity addrblock<br>
            Listening IP addresses:<br>
              128.224.162.165<br>
              11:2233:4455:6677:20c:29ff:fe70:bf88<br>
              192.168.0.2<br>
              11:2233:4455:6677:20c:29ff:fe70:bf92<br>
              10.2.0.1<br>
              11:2233:4455:6677:20c:29ff:fe70:bf9c<br>
            Connections:<br>
                 net-net:  192.168.0.2...192.168.0.1  IKEv1<br>
                 net-net:   local:  [<a moz-do-not-send="true"
              href="http://sun.strongswan.org" target="_blank">sun.strongswan.org</a>]
            uses pre-shared key authentication<br>
                 net-net:   remote: [<a moz-do-not-send="true"
              href="http://moon.strongswan.org" target="_blank">moon.strongswan.org</a>]
            uses pre-shared key authentication<br>
                 net-net:   child:  <a moz-do-not-send="true"
              href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
            <a moz-do-not-send="true" href="http://10.1.0.0/16"
              target="_blank">10.1.0.0/16</a> TUNNEL<br>
            Routed Connections:<br>
                 net-net{1}:  ROUTED, TUNNEL<br>
                 net-net{1}:   <a moz-do-not-send="true"
              href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
            <a moz-do-not-send="true" href="http://10.1.0.0/16"
              target="_blank">10.1.0.0/16</a><br>
            Security Associations (1 up, 0 connecting):<br>
                 net-net[1]: ESTABLISHED 24 minutes ago, 192.168.0.2[<a
              moz-do-not-send="true" href="http://sun.strongswan.org"
              target="_blank">sun.strongswan.org</a>]...192.168.0.1[<a
              moz-do-not-send="true" href="http://moon.strongswan.org"
              target="_blank">moon.strongswan.org</a>]<br>
                 net-net[1]: IKEv1 SPIs: 7233e70c634fa8aa_i
            eb8634d7b0b00874_r*, pre-shared key reauthentication in 32
            minutes<br>
                 net-net[1]: IKE proposal:
            AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048<br>
                 net-net{1}:  REKEYING, TUNNEL, expires in 33 seconds<br>
                 net-net{1}:   <a moz-do-not-send="true"
              href="http://10.2.0.0/16" target="_blank">10.2.0.0/16</a>
            === <a moz-do-not-send="true" href="http://10.1.0.0/16"
              target="_blank">10.1.0.0/16</a><br>
                 net-net{1}:  INSTALLED, TUNNEL, ESP SPIs: c043a424_i
            cf9ecbf3_o<br>
                 net-net{1}:  AES_CBC_128/HMAC_SHA1_96, 1512 bytes_i (18
            pkts, 1s ago), 672 bytes_o (8 pkts, 284s ago), rekeying in
            10 minutes <----I only find input packages.<br>
                 net-net{1}:   <a moz-do-not-send="true"
              href="http://10.2.0.0/16" target="_blank">10.2.0.0/16</a>
            === <a moz-do-not-send="true" href="http://10.1.0.0/16"
              target="_blank">10.1.0.0/16</a><br>
            <br>
            <br>
            In a word, when I run "ping 10.2.0.1", I run "ipsec
            statusall", I can see input/output packages.<br>
            <br>
            When I run "ping 10.2.0.10", I run "ipsec statusall", I can
            only see input packages.<br>
            I run "tcpdump -ni eth2 icmp", I can find the icmp reply
            packages.<br>
            That is, the icmp reply packages do not pass vpn tunnel.<br>
            <br>
            I do not know why.<br>
            <br>
            Best Regards!<br>
            <br>
            Zhu Yanjun
            <div class="HOEnZb">
              <div class="h5"><br>
                <br>
                On 05/04/2015 06:39 PM, Noel Kuntze wrote:<br>
                <blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  -----BEGIN PGP SIGNED MESSAGE-----<br>
                  Hash: SHA256<br>
                  <br>
                  Hello Zhuyj,<br>
                  <br>
                  Please check that you enabled forwarding for the
                  network devices<br>
                  that are involved in the forwarding of the packages.<br>
                  Also, please check the counters in the output of ipsec
                  statusall to see,<br>
                  if the packets get decrypted. The counters should
                  increment, when you send<br>
                  packets to the remote subnet.<br>
                  <br>
                  Mit freundlichen Grüßen/Regards,<br>
                  Noel Kuntze<br>
                  <br>
                  Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F
                  63EC 6658<br>
                  <br>
                  Am 04.05.2015 um 12:34 schrieb zhuyj:<br>
                  <blockquote class="gmail_quote" style="margin:0 0 0
                    .8ex;border-left:1px #ccc solid;padding-left:1ex">
                    Hi, Noel<br>
                    <br>
                    Thanks for your reply.<br>
                    I read carefully this link: <a
                      moz-do-not-send="true"
href="https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling"
                      target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling</a><br>
                    <br>
                    In this link, I think, the most important is:
                    ip_forward and iptables.<br>
                    Now I show you the configurations on the sun:<br>
                    <br>
                    root@strongswan2:~# cat
                    /proc/sys/net/ipv4/ip_forward<br>
                    1<br>
                    root@strongswan2:~# iptables-save<br>
                    # Generated by iptables-save v1.4.21 on Mon May  4
                    18:29:28 2015<br>
                    *nat<br>
                    :PREROUTING ACCEPT [93:14126]<br>
                    :INPUT ACCEPT [36:4578]<br>
                    :OUTPUT ACCEPT [0:0]<br>
                    :POSTROUTING ACCEPT [1:84]<br>
                    -A POSTROUTING -s <a moz-do-not-send="true"
                      href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>
                    -o eth1 -m policy --dir out --pol ipsec -j ACCEPT<br>
                    -A POSTROUTING -s <a moz-do-not-send="true"
                      href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>
                    -o eth1 -j MASQUERADE<br>
                    COMMIT<br>
                    # Completed on Mon May  4 18:29:28 2015<br>
                    # Generated by iptables-save v1.4.21 on Mon May  4
                    18:29:28 2015<br>
                    *filter<br>
                    :INPUT ACCEPT [2033:256543]<br>
                    :FORWARD ACCEPT [0:0]<br>
                    :OUTPUT ACCEPT [182:23858]<br>
                    -A FORWARD -s <a moz-do-not-send="true"
                      href="http://10.1.0.0/16" target="_blank">10.1.0.0/16</a>
                    -d <a moz-do-not-send="true"
                      href="http://10.2.0.0/16" target="_blank">10.2.0.0/16</a>
                    -i eth1 -m policy --dir in --pol ipsec --reqid 1
                    --proto esp -j ACCEPT<br>
                    -A FORWARD -s <a moz-do-not-send="true"
                      href="http://10.2.0.0/16" target="_blank">10.2.0.0/16</a>
                    -d <a moz-do-not-send="true"
                      href="http://10.1.0.0/16" target="_blank">10.1.0.0/16</a>
                    -o eth1 -m policy --dir out --pol ipsec --reqid 1
                    --proto esp -j ACCEPT<br>
                    COMMIT<br>
                    # Completed on Mon May  4 18:29:28 2015<br>
                    <br>
                    I think, ip forward feature is enabled in sun. And
                    the iptables rules are inserted.<br>
                    But the result is the same.<br>
                    <br>
                    Any reply is appreciated.<br>
                    <br>
                    Thanks a lot.<br>
                    Zhu Yanjun<br>
                    <br>
                    On 05/04/2015 06:01 PM, Noel Kuntze wrote:<br>
                    Hello,<br>
                    <br>
                    Did you follow the guide for forwarding[1]?<br>
                    <br>
                    [1] <a moz-do-not-send="true"
href="https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling"
                      target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling</a><br>
                    <br>
                    Mit freundlichen Grüßen/Regards,<br>
                    Noel Kuntze<br>
                    <br>
                    Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F
                    63EC 6658<br>
                    <br>
                    Am 04.05.2015 um 11:25 schrieb zhuyj:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <blockquote class="gmail_quote" style="margin:0 0
                        0 .8ex;border-left:1px #ccc
                        solid;padding-left:1ex">
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          Hi,<br>
                          <br>
                          Are you using psk or certificate to auth?<br>
                          <br>
                          Best Regards!<br>
                          Zhu Yanjun<br>
                          On 05/04/2015 05:18 PM, zhuyj wrote:<br>
                          <blockquote class="gmail_quote"
                            style="margin:0 0 0 .8ex;border-left:1px
                            #ccc solid;padding-left:1ex">
                            Hi, Bernhard<br>
                            <br>
                            Your problem is the same with mine.<br>
                            <br>
                            Best Regards!<br>
                            Zhu Yanjun<br>
                            <br>
                            On 05/04/2015 05:00 PM, Bernhard Marx wrote:<br>
                            <blockquote class="gmail_quote"
                              style="margin:0 0 0 .8ex;border-left:1px
                              #ccc solid;padding-left:1ex">
                              Hi Zhu,<br>
                              <br>
                              no problem. I wish I would have :-)<br>
                              But moon and sun is connected via public
                              networks?<br>
                              This is my scenario:<br>
                              <br>
                              <a moz-do-not-send="true"
                                href="http://192.168.2.0/24"
                                target="_blank">192.168.2.0/24</a> <<a
                                moz-do-not-send="true"
                                href="http://192.168.2.0/24"
                                target="_blank">http://192.168.2.0/24</a>>
                              <=> 192.168.2.1 hardware router
                              xx.xx.xx.xx (public IP from provider)
                              <=> Internet <=> public IP on
                              eth0 192.168.120.125 <=> <a
                                moz-do-not-send="true"
                                href="http://192.168.120.0/24"
                                target="_blank">192.168.120.0/24</a>
                              <<a moz-do-not-send="true"
                                href="http://192.168.120.0/24"
                                target="_blank">http://192.168.120.0/24</a>>
                              on eth1<br>
                              <br>
                              I can ping from 192.168.120.125 to
                              192.168.2.1 and vice versa - but I can not
                              reach any devices in the subnet...<br>
                              <br>
                              Regards<br>
                              Bernhard<br>
                              <br>
                              <br>
                              2015-05-04 10:51 GMT+02:00 zhuyj <<a
                                moz-do-not-send="true"
                                href="mailto:mounter625@163.com"
                                target="_blank">mounter625@163.com</a>
                              <mailto:<a moz-do-not-send="true"
                                href="mailto:mounter625@163.com"
                                target="_blank">mounter625@163.com</a>>>:<br>
                              <br>
                                    Sorry. I thought your solve this
                              problem already.<br>
                                    Do you think that it is related with
                              psk or pubkey? I mean that strongswan can
                              support auth-based certificate very well.<br>
                                    Maybe there is something wrong with
                              psk auth?<br>
                              <br>
                                    Zhu Yanjun<br>
                              <br>
                              <br>
                                    On 05/04/2015 04:45 PM, zhuyj wrote:<br>
                              <blockquote class="gmail_quote"
                                style="margin:0 0 0 .8ex;border-left:1px
                                #ccc solid;padding-left:1ex">
                                      Hi, Marx<br>
                                <br>
                                      Please let me know how to solve
                                this problem.<br>
                                <br>
                                      Thanks a lot.<br>
                                      Zhu Yanjun<br>
                                <br>
                                      On 05/04/2015 04:22 PM, Bernhard
                                Marx wrote:<br>
                                <blockquote class="gmail_quote"
                                  style="margin:0 0 0
                                  .8ex;border-left:1px #ccc
                                  solid;padding-left:1ex">
                                        Dear Zhu,<br>
                                  <br>
                                        I think I have the issue... as
                                  send a request to mail list
                                  yesterday...<br>
                                  <br>
                                        Feedback I received is to check
                                  the routing of packets... but I cant
                                  identify the issue...<br>
                                  <br>
                                        Regards<br>
                                        Bernhard<br>
                                  <br>
                                        2015-05-04 10:17 GMT+02:00 zhuyj
                                  <<a moz-do-not-send="true"
                                    href="mailto:mounter625@163.com"
                                    target="_blank">mounter625@163.com</a>
                                  <mailto:<a moz-do-not-send="true"
                                    href="mailto:mounter625@163.com"
                                    target="_blank">mounter625@163.com</a>>>:<br>
                                  <br>
                                            Hi, all<br>
                                  <br>
                                            I followed this link: <a
                                    moz-do-not-send="true"
                                    href="http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/"
                                    target="_blank">http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/</a><br>
                                  <br>
                                            I configured 4 vmare hosts.
                                  The hosts are ubuntu14.04.<br>
                                  <br>
                                            The network topology is as
                                  below.<br>
                                  <br>
                                            10.1.0.10
                                  <---->10.1.0.1 (moon)
                                  192.168.0.1<----->192.168.0.2
                                  (sun) 10.2.0.1<---->10.2.0.10<br>
                                  <br>
                                            strongswan is 5.1.2.<br>
                                  <br>
                                            >From this link: <a
                                    moz-do-not-send="true"
                                    href="http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/"
                                    target="_blank">http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/</a>,
                                  after a vpn tunnel is created,<br>
                                            I ran "ping 10.2.0.10" on
                                  clinet 10.1.0.10. But I can not get
                                  any reply from 10.2.0.10.<br>
                                  <br>
                                            I can find the icmp packets
                                  into moon. But moon will not forward
                                  these icmp packets.<br>
                                  <br>
                                            I exactly followed this link
                                  <a moz-do-not-send="true"
                                    href="http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/"
                                    target="_blank">http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/</a>,
                                  but I can not get<br>
                                            the same test result with
                                  this link.<br>
                                  <br>
                                            Does any one have the
                                  similar experience?<br>
                                  <br>
                                            Any reply is appreciated.<br>
                                  <br>
                                            Thanks a lot.<br>
                                            Zhu Yanjun<br>
                                  <br>
                                  <br>
                                           
                                  _______________________________________________<br>
                                            Users mailing list<br>
                                            <a moz-do-not-send="true"
                                    href="mailto:Users@lists.strongswan.org"
                                    target="_blank">Users@lists.strongswan.org</a>
                                  <mailto:<a moz-do-not-send="true"
                                    href="mailto:Users@lists.strongswan.org"
                                    target="_blank">Users@lists.strongswan.org</a>><br>
                                            <a moz-do-not-send="true"
                                    href="https://lists.strongswan.org/mailman/listinfo/users"
                                    target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
                                  <br>
                                  <br>
                                  <br>
                                  <br>
                                       
                                  _______________________________________________<br>
                                        Users mailing list<br>
                                        <a moz-do-not-send="true"
                                    href="mailto:Users@lists.strongswan.org"
                                    target="_blank">Users@lists.strongswan.org</a>
                                  <mailto:<a moz-do-not-send="true"
                                    href="mailto:Users@lists.strongswan.org"
                                    target="_blank">Users@lists.strongswan.org</a>><br>
                                        <a moz-do-not-send="true"
                                    href="https://lists.strongswan.org/mailman/listinfo/users"
                                    target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
                                </blockquote>
                                <br>
                                     
                                _______________________________________________<br>
                                      Users mailing list<br>
                                      <a moz-do-not-send="true"
                                  href="mailto:Users@lists.strongswan.org"
                                  target="_blank">Users@lists.strongswan.org</a>
                                <mailto:<a moz-do-not-send="true"
                                  href="mailto:Users@lists.strongswan.org"
                                  target="_blank">Users@lists.strongswan.org</a>><br>
                                      <a moz-do-not-send="true"
                                  href="https://lists.strongswan.org/mailman/listinfo/users"
                                  target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
                              </blockquote>
                            </blockquote>
                            <br>
_______________________________________________<br>
                            Users mailing list<br>
                            <a moz-do-not-send="true"
                              href="mailto:Users@lists.strongswan.org"
                              target="_blank">Users@lists.strongswan.org</a><br>
                            <a moz-do-not-send="true"
                              href="https://lists.strongswan.org/mailman/listinfo/users"
                              target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
                          </blockquote>
                          <br>
_______________________________________________<br>
                          Users mailing list<br>
                          <a moz-do-not-send="true"
                            href="mailto:Users@lists.strongswan.org"
                            target="_blank">Users@lists.strongswan.org</a><br>
                          <a moz-do-not-send="true"
                            href="https://lists.strongswan.org/mailman/listinfo/users"
                            target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
                          <br>
                        </blockquote>
                      </blockquote>
                    </blockquote>
                    <br>
                  </blockquote>
                  -----BEGIN PGP SIGNATURE-----<br>
                  Version: GnuPG v2<br>
                  <br>
iQIcBAEBCAAGBQJVR0x7AAoJEDg5KY9j7GZYdoEQAI7bJaY+Iy5volndjpsV4xol<br>
3Sv2TPyVa/Fvo4BWYlFWtpLvAsyUkRDCOGycRV2iD3LVd6Y+WC8QeN2KXvcC6nvK<br>
y0mS3bhxgonrMVDuJ/Qmrk3qmNIx5TkvqAjuxSxeKoKhoL9zigbUhCX4xRoLg+fq<br>
83vPQ5tMw03+hWshfKd+f8VPbSy9P3YNQ+9fy4f69bFRKcHDwj/L2k45L7s5gRMG<br>
shFL/VvIEWlZqzBRHbWGw3t7GUUDtsUjpy7M/1KJ5XelS97i7PBeU+JTQWpW64W5<br>
HoVolQgqc9BarsG4pUTx+v5Q31YexUawEfNngzcp3WoDvYvhPe+8Dqq0rEsZYZV5<br>
4cIBBEyKkCJ8caR5bdV+etvy80pDj/bnfM5RXNSGERB9pwTPF+WvsAHm6LpS1iiF<br>
ATwqIcEwcsvwR50+twhRmH+yoV2bcNCqsOxrKLqp2H4nab1/q0+R0j1uMoCW6IHv<br>
6v5ZAVanPLCgI0a+re61hndrCPVoXiPYMg3abLKZVFXmqcDgoL42Qc7F1XL+0csR<br>
WsO3CGIe45g7PG9DZ3gjhs0PP2grIVy3LzsHUi6ONuB5Jhy7FTMkClaH36WPVD4+<br>
zOi7lKPWiNWg+OqXzf7Fkb3FJCz3vjOBG1ieRrSsO05JBmqsReFmWR6F3J44gd17<br>
                  F1t5/uhaSEb4435vTos7<br>
                  =URb/<br>
                  -----END PGP SIGNATURE-----<br>
                  <br>
                </blockquote>
                <br>
                <br>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </body>
</html>