<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>/etc/ipsec.conf</p>
<p># basic configuration<br>
config setup<br>
charondebug="all"<br>
uniqueids=yes<br>
strictcrlpolicy=no<br>
<br>
# connection 1<br>
conn site1-to-site2<br>
authby=secret<br>
left=%defaultroute<br>
leftid=111.111.111.45<br>
leftsubnet=172.16.11.0/24<br>
right=222.222.222.210<br>
rightsubnet=172.16.15.0/24<br>
ike=aes256-sha2_256-modp1024!<br>
esp=aes256-sha2_256!<br>
keyingtries=0<br>
ikelifetime=1h<br>
lifetime=8h<br>
dpddelay=30<br>
dpdtimeout=120<br>
dpdaction=restart<br>
auto=start<br>
</p>
<p>This is the only file where I've defined my site-to-site settings.</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 1/13/20 4:36 PM, Felipe Arturo
Polanco wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CADcj3=7+zbjzMKtKnF4p0u9pffS-289xoVmAN2TanA6aB5p_ZQ@mail.gmail.com">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Please also send the content of /etc/ipsec.conf and/or
/etc/swanctl.conf , /etc/swanctl/swanctl.conf , the file where
you defined your site-to-site settings.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Jan 13, 2020 at 10:27
AM <a href="mailto:cristiant@newro.co" moz-do-not-send="true">cristiant@newro.co</a>
&lt;<a href="mailto:cristiant@newro.co" moz-do-not-send="true">cristiant@newro.co</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Also the ipsec.conf file</p>
<p># basic configuration<br>
config setup<br>
charondebug="all"<br>
uniqueids=yes<br>
strictcrlpolicy=no<br>
<br>
# connection to paris datacenter<br>
conn totorum-to-camulodunum<br>
authby=secret<br>
left=%defaultroute<br>
leftid=111.111.111.45<br>
leftsubnet=172.16.11.0/24<br>
right=222.222.222.210<br>
rightsubnet=172.16.15.0/24<br>
ike=aes256-sha2_256-modp1024!<br>
esp=aes256-sha2_256!<br>
keyingtries=0<br>
ikelifetime=1h<br>
lifetime=8h<br>
dpddelay=30<br>
dpdtimeout=120<br>
dpdaction=restart<br>
auto=start<br>
<br>
</p>
<div>On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Please send us the following information:</div>
<div><br>
</div>
<div>Strongswan configuration and<br>
Output of:</div>
<div>iptables-save</div>
<div>ip xfrm policy </div>
<div>ip route show</div>
<div>ip rule show</div>
<div>ip address show</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Jan 13, 2020
at 10:13 AM <a href="mailto:cristiant@newro.co"
target="_blank" moz-do-not-send="true">cristiant@newro.co</a>
&lt;<a href="mailto:cristiant@newro.co"
target="_blank" moz-do-not-send="true">cristiant@newro.co</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
I am trying to set up a point-to-point VPN connection
between two KVM <br>
hosts running Ubuntu 18.04 LTS.<br>
<br>
I have been struggling for more than a week to make it work
but without success.<br>
<br>
The tunnel seems to be running but I cannot make the
connection between <br>
internal subnets.<br>
<br>
Can anyone tell me what iptables rules I should set?<br>
<br>
Thank you!<br>
<br>
Best regards!<br>
<br>
<br>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>