<div dir="ltr"><div><div>Hi, </div>
<div>  I have a successful connection from my Sierra Mac using strongswan-5.6.1 to our VPN server</div>
<div><br></div>
<div>$ sudo ipsec up  vpn</div>
<div style="font-style:italic">Password:</div>
<div style="font-style:italic">initiating IKE_SA vpn[2] to xxxx</div>
<div><i>...........&lt;removed for brevity&gt;</i></div>
<div><i style="font-style:italic">installing 10.245.250.251 as DNS server</i></div></div>
<div><i>installing 10.245.250.227 as DNS server</i></div>
<div><i>installing new virtual IP 10.244.15.1</i></div>
<div><i>created TUN device: utun2</i></div>
<div><i>CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS 10.244.15.1/32 === 0.0.0.0/32</i></div>
<div><i>connection 'vpn' established successfully</i></div>
<div><i><br></i></div>
<div><div>$ ifconfig utun2</div>
<div style="font-style:italic">utun2: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500</div>
<div style="font-style:italic"><span style="white-space:pre">   </span>options=6403&lt;RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM&gt;</div>
<div style="font-style:italic"><span style="white-space:pre"> </span>inet 10.244.15.1 --&gt; 10.244.15.1 netmask 0xff000000</div></div>
<div style="font-style:italic"><br></div>
<div>but no traffic is flowing, can't reach hosts/internet. 
Actually, I am not able to ping the VIP itself.</div>
<div><br></div>
<div><div>$ ping 10.244.15.1</div>
<div><i>PING 10.244.15.1 (10.244.15.1): 56 data bytes</i></div>
<div><i>Request timeout for icmp_seq 0</i></div>
<div><i>Request timeout for icmp_seq 1</i></div>
<div><i>^C</i></div>
<div><i>--- 10.244.15.1 ping statistics ---</i></div>
<div><i>3 packets transmitted, 0 packets received, 100.0% packet loss</i></div></div>
<div><br></div>
<div>initiator configurations</div>
<div>````````````````````````````</div>
<div>config setup<br></div>
<div><div><br></div>
<div>conn %default</div>
<div>        compress=yes</div>
<div>        ikelifetime=20h</div>
<div>        keylife=20m</div>
<div>        rekeymargin=3m</div>
<div>        keyingtries=1</div>
<div>        keyexchange=ikev2</div>
<div><br></div>
<div>conn vpn</div>
<div>        left=%any</div>
<div>        leftid=karthik@altiscale.com</div>
<div>        rightid=@vpn02.rt1.altiscale.com</div>
<div>        rightauth=pubkey</div>
<div>        leftsourceip=%config</div>
<div>        rightsubnet=0.0.0.0/0</div>
<div>        auto=add</div>
<div>        ike=aes256-sha512-modp4096!</div>
<div>        esp=aes128-sha512!</div></div>
<div><br></div>
<div>The same configs work well on a Linux initiator. </div>
<div><br></div>
<div>Any suggestions, please? Please let me know if you need more info.</div>
<div><br></div>
<div>Thanks</div></div>