<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div id="yui_3_16_0_ym19_1_1498141936239_2874" dir="ltr">I am a newbie to VPN. VPN connected but packets not encrypted. </div><div id="yui_3_16_0_ym19_1_1498141936239_2874" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1498141936239_2874" dir="ltr">Please kindly advise.</div><div id="yui_3_16_0_ym19_1_1498141936239_2874" dir="ltr"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3237"><br id="yui_3_16_0_ym19_1_1498141936239_3238"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3239">10.A.0.4 (A server, strongswan) -> google firewall 35.A.167.172 -> 203.B.127.136 huawei vpn -> 203.B.127.14 (public IP) B server</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3240"><br id="yui_3_16_0_ym19_1_1498141936239_3241"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3242">[A server] : can ping huawei vpn but not via tunnel. 
cannot ping B server</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3243">[B server] : can ping google firewall via tunnel</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3244"><br id="yui_3_16_0_ym19_1_1498141936239_3245"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3246">#strongswan statusall</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3247">Status of IKE charon daemon (strongSwan 5.4.0, Linux 2.6.32-696.3.2.el6.x86_64, x86_64):</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3248"> uptime: 3 hours, since Jun 22 10:32:40 2017</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3249"> malloc: sbrk 532480, mmap 0, used 395760, free 136720</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3250"> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 9</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3251"> loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs8 pgp dnskey sshkey pem gcrypt fips-prf gmp xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3252">Listening IP addresses:</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3253"> 10.A.0.4</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3254">Connections:</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3255"> cmhk: %any...203.B.127.136 IKEv1/2</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3256"> cmhk: local: [10.A.0.4] uses pre-shared key authentication</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3257"> cmhk: remote: [203.B.127.136] uses pre-shared key authentication</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3258"> cmhk: child: 0.0.0.0/0 === 203.B.127.14/32 TUNNEL</div><div 
dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3259">Security Associations (1 up, 0 connecting):</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3260"> cmhk[5]: ESTABLISHED 45 minutes ago, 10.A.0.4[10.A.0.4]...203.B.127.136[203.B.127.136]</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3261"> cmhk[5]: IKEv1 SPIs: 93aaf2969c35614d_i 0d81525fcb1364fd_r*, pre-shared key reauthentication in 7 hours</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3262"> cmhk[5]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3263"> cmhk{5}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c519724e_i ccffe26a_o</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3264"> cmhk{5}: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 17 minutes</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3265"> cmhk{5}: 35.A.167.172/32 === 203.B.127.14/32 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3266">-------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3267">ipsec.conf</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3268"><br id="yui_3_16_0_ym19_1_1498141936239_3269"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3270">config setup</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3271"> # strictcrlpolicy=yes</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3272"> # uniqueids = no</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3273"> charondebug="ike 2, knl 1, cfg 2"</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3274"><br id="yui_3_16_0_ym19_1_1498141936239_3275"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3276">conn %default</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3277"> type=tunnel</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3278"> ike=3des-md5-modp1024</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3279"> ikelifetime=28800s</div><div dir="ltr" 
id="yui_3_16_0_ym19_1_1498141936239_3280"> esp=3des-md5-modp1024</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3281"> keylife=3600s</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3282"> keyexchange=ike</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3283"> authby=secret</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3284"><br id="yui_3_16_0_ym19_1_1498141936239_3285"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3286">conn cmhk</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3287"> left=%any</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3288"> leftsubnet=0.0.0.0/0</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3289"> right=203.B.127.136</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3290"> rightsubnet=0.0.0.0/0</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3291"> auto=add</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3292"><br id="yui_3_16_0_ym19_1_1498141936239_3293"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3294">------------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3295">#ip xfrm policy</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3296">src 203.B.127.14/32 dst 35.A.167.172/32 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3297"> dir fwd priority 2819 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3298"> tmpl src 203.B.127.136 dst 10.A.0.4</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3299"> proto esp reqid 1 mode tunnel</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3300">src 203.B.127.14/32 dst 35.A.167.172/32 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3301"> dir in priority 2819 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3302"> tmpl src 203.B.127.136 dst 10.A.0.4</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3303"> proto esp reqid 1 mode tunnel</div><div dir="ltr" 
id="yui_3_16_0_ym19_1_1498141936239_3304">src 35.A.167.172/32 dst 203.B.127.14/32 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3305"> dir out priority 2819 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3306"> tmpl src 10.A.0.4 dst 203.B.127.136</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3307"> proto esp reqid 1 mode tunnel</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3308">src 0.0.0.0/0 dst 0.0.0.0/0 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3309"> dir 3 priority 0 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3310">src 0.0.0.0/0 dst 0.0.0.0/0 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3311"> dir 4 priority 0 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3312">src 0.0.0.0/0 dst 0.0.0.0/0 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3313"> dir 3 priority 0 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3314">src 0.0.0.0/0 dst 0.0.0.0/0 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3315"> dir 4 priority 0 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3316">src ::/0 dst ::/0 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3317"> dir 3 priority 0 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3318">src ::/0 dst ::/0 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3319"> dir 4 priority 0 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3320">src ::/0 dst ::/0 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3321"> dir 3 priority 0 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3322">src ::/0 dst ::/0 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3323"> dir 4 priority 0 ptype main </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3324">-------------------------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3325">#ip route list table 
all</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3326">10.140.0.1 dev eth0 scope link </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3327">169.254.0.0/16 dev eth0 scope link metric 1002 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3328">default via 10.140.0.1 dev eth0 proto static </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3329">local 10.A.0.4 dev eth0 table local proto kernel scope host src 10.A.0.4 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3330">broadcast 10.A.0.4 dev eth0 table local proto kernel scope link src 10.A.0.4 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3331">broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3332">broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3333">local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3334">local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3335">unreachable default dev lo table unspec proto kernel metric -1 error -101 hoplimit 255</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3336">unreachable ::/96 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3337">unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3338">unreachable 2002:a00::/24 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3339">unreachable 2002:7f00::/24 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3340">unreachable 2002:a9fe::/32 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" 
id="yui_3_16_0_ym19_1_1498141936239_3341">unreachable 2002:ac10::/28 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3342">unreachable 2002:c0a8::/32 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3343">unreachable 2002:e000::/19 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3344">unreachable 3ffe:ffff::/32 dev lo metric 1024 error -113 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3345">fe80::/64 dev eth0 proto kernel metric 256 mtu 1460</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3346">unreachable default dev lo table unspec proto kernel metric -1 error -101 hoplimit 255</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3347">local ::1 via :: dev lo table local proto none metric 0 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3348">local fe80::4001:aff:fe8c:4 via :: dev lo table local proto none metric 0 mtu 65536</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3349">ff00::/8 dev eth0 table local metric 256 mtu 1460</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3350">unreachable default dev lo table unspec proto kernel metric -1 error -101 hoplimit 255</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3351">------------------------------------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3352">------------------</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3353"># iptables -L</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3354">Chain INPUT (policy ACCEPT)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3355">target prot opt source destination </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3356"><br id="yui_3_16_0_ym19_1_1498141936239_3357"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3358">Chain FORWARD (policy ACCEPT)</div><div dir="ltr" 
id="yui_3_16_0_ym19_1_1498141936239_3359">target prot opt source destination </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3360"><br id="yui_3_16_0_ym19_1_1498141936239_3361"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3362">Chain OUTPUT (policy ACCEPT)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3363">target prot opt source destination </div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3364">=======================================================</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3365">[server A]</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3366">ping 203.B.127.136</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3367"><br id="yui_3_16_0_ym19_1_1498141936239_3368"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3369">14:10:11.675222 IP centos-6-2.c.centos-169715.internal > 203.B.127.136: ICMP echo request, id 62844, seq 7, length 64</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3370">14:10:11.691214 IP 203.B.127.136 > centos-6-2.c.centos-169715.internal: ICMP echo reply, id 62844, seq 7, length 64</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3371">14:10:11.733312 IP centos-6-2.c.centos-169715.internal.ipsec-nat-t > 203.B.127.136.ipsec-nat-t: isakmp-nat-keep-alive</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3372">[server A]</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3373"><br id="yui_3_16_0_ym19_1_1498141936239_3374"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3375">ping 203.B.127.14</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3376"><br id="yui_3_16_0_ym19_1_1498141936239_3377"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3378">tcpdump host 203.B.127.14</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3379">tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3380">listening on eth0, link-type EN10MB 
(Ethernet), capture size 65535 bytes</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3381">14:11:44.079172 IP centos-6-2.c.centos-169715.internal > 203.B.127.14: ICMP echo request, id 63356, seq 39, length 64</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3382">14:11:45.079175 IP centos-6-2.c.centos-169715.internal > 203.B.127.14: ICMP echo request, id 63356, seq 40, length 64</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3383">14:11:46.079138 IP centos-6-2.c.centos-169715.internal > 203.B.127.14: ICMP echo request, id 63356, seq 41, length 64</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3384">14:11:47.079137 IP centos-6-2.c.centos-169715.internal > 203.B.127.14: ICMP echo request, id 63356, seq 42, length 64</div><div dir="ltr" id="yui_3_16_0_ym19_1_1498141936239_3385"><br id="yui_3_16_0_ym19_1_1498141936239_3386"></div></div></body></html>
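A way to check which kernel policy a given flow actually hits, added here as an example and not part of the mail above or of strongSwan's own code. It parses the `ip xfrm policy` listing from the post (a constructed copy, with the redacted octets A and B replaced by 0 so the addresses parse) and looks up the `out` policy for a source/destination pair the way the kernel's SPD lookup does: only policies whose selectors contain both addresses match, and the lowest priority value wins. What it makes visible: the only `out` policy installed has the selector `35.A.167.172/32 === 203.B.127.14/32`, the public address the Google firewall NATs the server to, while the host's only address (and the only one strongSwan listens on) is 10.A.0.4. A packet from 10.A.0.4 to 203.B.127.14 therefore matches no `out` policy and leaves eth0 in cleartext, which agrees with the tcpdump (plain ICMP echo requests, no ESP) and with the child SA counters (`0 bytes_i, 0 bytes_o`). The configured `leftsubnet=0.0.0.0/0` was narrowed by the peer to that /32, so the selector agreed with the Huawei side needs to cover the address the packets are really sent from. The function names (`parse_xfrm_policy`, `lookup`, `disposition`, `uncovered_local_addresses`) are mine.

```python
"""Added example: decide whether a locally generated flow is steered into
the IPsec tunnel by matching it against parsed `ip xfrm policy` output.
Stand-alone check; not strongSwan code."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample: the `ip xfrm policy` listing from the post, with the
# redacted octets A and B replaced by 0 so that the addresses parse.
SAMPLE_XFRM_POLICY = """\
src 203.0.127.14/32 dst 35.0.167.172/32
        dir fwd priority 2819 ptype main
        tmpl src 203.0.127.136 dst 10.0.0.4
                proto esp reqid 1 mode tunnel
src 203.0.127.14/32 dst 35.0.167.172/32
        dir in priority 2819 ptype main
        tmpl src 203.0.127.136 dst 10.0.0.4
                proto esp reqid 1 mode tunnel
src 35.0.167.172/32 dst 203.0.127.14/32
        dir out priority 2819 ptype main
        tmpl src 10.0.0.4 dst 203.0.127.136
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 4 priority 0 ptype main
src ::/0 dst ::/0
        dir 3 priority 0 ptype main
"""


@dataclass
class Policy:
    src: Network                      # traffic selector (inner addresses)
    dst: Network
    direction: str = ""               # in / out / fwd, or a numeric socket policy
    priority: int = 0                 # lower value = higher precedence
    tmpl_src: Optional[str] = None    # outer ESP endpoints; None for socket policies
    tmpl_dst: Optional[str] = None
    reqid: Optional[int] = None
    mode: Optional[str] = None        # tunnel / transport


def parse_xfrm_policy(text: str) -> List[Policy]:
    """Turn the multi-line `ip xfrm policy` listing into Policy records."""
    policies: List[Policy] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := re.match(r"^src (\S+) dst (\S+)", line):
            policies.append(Policy(ipaddress.ip_network(m[1]), ipaddress.ip_network(m[2])))
        elif m := re.match(r"^dir (\S+) priority (\d+)", line):
            policies[-1].direction, policies[-1].priority = m[1], int(m[2])
        elif m := re.match(r"^tmpl src (\S+) dst (\S+)", line):
            policies[-1].tmpl_src, policies[-1].tmpl_dst = m[1], m[2]
        elif m := re.match(r"^proto esp reqid (\d+) mode (\w+)", line):
            policies[-1].reqid, policies[-1].mode = int(m[1]), m[2]
    return policies


def lookup(policies: List[Policy], src_ip: str, dst_ip: str,
           direction: str = "out") -> Optional[Policy]:
    """SPD-style lookup: best-priority policy whose selectors contain the flow."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    hits = [p for p in policies
            if p.direction == direction and src in p.src and dst in p.dst]
    return min(hits, key=lambda p: p.priority) if hits else None


def disposition(policies: List[Policy], src_ip: str, dst_ip: str) -> str:
    """What happens to a packet the host sends: 'cleartext' or the ESP SA it enters."""
    p = lookup(policies, src_ip, dst_ip, "out")
    if p is None or p.reqid is None:
        return "cleartext"
    return f"esp {p.mode} {p.tmpl_src}->{p.tmpl_dst} reqid {p.reqid}"


def uncovered_local_addresses(policies: List[Policy], local_addresses: List[str],
                              remote_ip: str) -> List[str]:
    """Local source addresses with no `out` policy towards remote_ip at all."""
    return [a for a in local_addresses if lookup(policies, a, remote_ip, "out") is None]


if __name__ == "__main__":
    pols = parse_xfrm_policy(SAMPLE_XFRM_POLICY)
    # The host's real address (10.A.0.4) versus the public address in the selector.
    for s in ("10.0.0.4", "35.0.167.172"):
        print(f"{s} -> 203.0.127.14: {disposition(pols, s, '203.0.127.14')}")
    print("local addresses not covered by any out policy:",
          uncovered_local_addresses(pols, ["10.0.0.4"], "203.0.127.14"))
```

On the real host the same check is `ip xfrm policy | python3 thisfile.py` style input rather than the embedded sample; the `lookup` with `direction="in"` mirrors what the kernel requires of the returning ESP traffic, which is why the peer's replies would be dropped even if they arrived.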