<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi All,<br>
<br>
I am facing a issue while establish tunnel through the nated
Public IP. When I connect to the same Strongswan server from LAN I
get "<b>CHILD_SA tunnel{2} established with SPIs cb7bd615_i
c3fb87d7_o and TS 172.25.12.38/32 == 172.25.1.23/32"</b>. But from
public network "IKE_SA tunnel is established but CHILD_SA tunnel" is
not displayed. Even during the public IP tunneling- "ip route list
table 220" no output in the server. Due to that traffic is also not
passing. <br>
The configuration file is same of both the client. It will be a big
help if someone can provide any solution. <br>
<p><br>
</p>
<p>root@Device_BD2009:~# ipsec up tunnel<br>
no files found matching '/etc/strongswan.d/*.conf'<br>
initiating IKE_SA tunnel[1] to X.X.X.X<br>
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]<br>
sending packet: from 192.168.1.100[500] to X.X.X.X[500] (1080
bytes)<br>
received packet: from X.X.X.X[500] to 192.168.1.100[500] (464
bytes)<br>
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]<br>
local host is behind NAT, sending keep alives<br>
remote host is behind NAT<br>
authentication of '192.168.1.100' (myself) with pre-shared key<br>
establishing CHILD_SA tunnel<br>
generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr
N(MULT_AUTH) N(EAP_ONLY) ]<br>
sending packet: from 192.168.1.100[4500] to X.X.X.X[4500] (332
bytes)<br>
received packet: from X.X.X.X[4500] to 192.168.1.100[4500] (220
bytes)<br>
parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]<br>
authentication of 'X.X.X.X' with pre-shared key successful<br>
IKE_SA tunnel[1] established between
192.168.1.100[192.168.1.100]...X.X.X.X[X.X.X.X]<br>
scheduling reauthentication in 10015s<br>
maximum IKE_SA lifetime 10555s<br>
connection 'tunnel' established successfully<br>
</p>
<p><br>
</p>
<p>config setup<br>
</p>
<p> charondebug="all"<br>
uniqueids=no<br>
strictcrlpolicy=no<br>
conn %default<br>
conn tunnel #<br>
left=192.168.1.100<br>
leftsubnet=192.168.1.100/32<br>
right=X.X.X.X<br>
rightsubnet=X.X.X.X/32<br>
ike=aes256-sha1-modp2048<br>
esp=aes256-sha1<br>
keyingtries=1<br>
keylife=60m<br>
dpddelay=30s<br>
dpdtimeout=150s<br>
dpdaction=clear<br>
authby=psk<br>
auto=route<br>
keyexchange=ikev2<br>
type=tunnel<br>
mobike=no<br>
fragmentation=yes<br>
</p>
<div class="moz-signature">-- <br>
Thanks in advance. <br>
</div>
</body>
</html>