<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>/etc/ipsec.conf</p>
    <p># basic configuration<br>
      config setup<br>
              charondebug="all"<br>
              uniqueids=yes<br>
              strictcrlpolicy=no<br>
      <br>
      # connection 1<br>
      conn site1-to-site2<br>
        authby=secret<br>
        left=%defaultroute<br>
        leftid=111.111.111.45<br>
        leftsubnet=172.16.11.0/24<br>
        right=222.222.222.210<br>
        rightsubnet=172.16.15.0/24<br>
        ike=aes256-sha2_256-modp1024!<br>
        esp=aes256-sha2_256!<br>
        keyingtries=0<br>
        ikelifetime=1h<br>
        lifetime=8h<br>
        dpddelay=30<br>
        dpdtimeout=120<br>
        dpdaction=restart<br>
        auto=start<br>
    </p>
    <p>This is the only file where I've defined my site-to-site settings.</p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 1/13/20 4:36 PM, Felipe Arturo
      Polanco wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CADcj3=7+zbjzMKtKnF4p0u9pffS-289xoVmAN2TanA6aB5p_ZQ@mail.gmail.com">
      <div dir="ltr">Hi, 
        <div><br>
        </div>
        <div>Please also send the content of /etc/ipsec.conf and/or
          /etc/swanctl.conf , /etc/swanctl/swanctl.conf , the file where
          you defined your site-to-site settings.</div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Mon, Jan 13, 2020 at 10:27
          AM <a href="mailto:cristiant@newro.co" moz-do-not-send="true">cristiant@newro.co</a>
          &lt;<a href="mailto:cristiant@newro.co" moz-do-not-send="true">cristiant@newro.co</a>&gt;
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div>
            <p>Also the ipsec.conf file</p>
            <p># basic configuration<br>
              config setup<br>
                      charondebug="all"<br>
                      uniqueids=yes<br>
                      strictcrlpolicy=no<br>
              <br>
              # connection to paris datacenter<br>
              conn totorum-to-camulodunum<br>
                authby=secret<br>
                left=%defaultroute<br>
                leftid=111.111.111.45<br>
                leftsubnet=172.16.11.0/24<br>
                right=222.222.222.210<br>
                rightsubnet=172.16.15.0/24<br>
                ike=aes256-sha2_256-modp1024!<br>
                esp=aes256-sha2_256!<br>
                keyingtries=0<br>
                ikelifetime=1h<br>
                lifetime=8h<br>
                dpddelay=30<br>
                dpdtimeout=120<br>
                dpdaction=restart<br>
                auto=start<br>
              <br>
            </p>
            <div>On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="ltr">Hi,
                <div><br>
                </div>
                <div>Please send us the following information:</div>
                <div><br>
                </div>
                <div>Strongswan configuration and<br>
                  Output of:</div>
                <div>iptables-save</div>
                <div>ip xfrm policy </div>
                <div>ip route show</div>
                <div>ip rule show</div>
                <div>ip address show</div>
                <div><br>
                </div>
                <div>Thanks,</div>
                <div><br>
                </div>
              </div>
              <br>
              <div class="gmail_quote">
                <div dir="ltr" class="gmail_attr">On Mon, Jan 13, 2020
                  at 10:13 AM <a href="mailto:cristiant@newro.co"
                    target="_blank" moz-do-not-send="true">cristiant@newro.co</a>
                  &lt;<a href="mailto:cristiant@newro.co"
                    target="_blank" moz-do-not-send="true">cristiant@newro.co</a>&gt;
                  wrote:<br>
                </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">Hello,<br>
                  <br>
                  I am trying to set up a point-to-point VPN connection
                  between two KVM <br>
                  hosts running Ubuntu 18.04 LTS.<br>
                  <br>
                  I have been struggling for more than a week to make it work,
                  but without success.<br>
                  <br>
                  The tunnel seems to be running but I cannot make the
                  connection between <br>
                  internal subnets.<br>
                  <br>
                  Can anyone tell me what iptables rules I should set?<br>
                  <br>
                  Thank you!<br>
                  <br>
                  Best regards!<br>
                  <br>
                  <br>
                </blockquote>
              </div>
            </blockquote>
          </div>
        </blockquote>
      </div>
    </blockquote>
  </body>
</html>