<div dir="ltr">Those settings look good, please send this output:<div><br></div><div>$ sysctl -a | grep -e "forwarding"</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 14, 2020 at 4:08 AM <a href="mailto:cristiant@newro.co">cristiant@newro.co</a> <<a href="mailto:cristiant@newro.co">cristiant@newro.co</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    Hi.<br>
    <p>Please, can anyone give some advices?</p>
    <p>Thank you!<br>
    </p>
    <div>On 1/13/20 4:41 PM, <a href="mailto:cristiant@newro.co" target="_blank">cristiant@newro.co</a>
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <p>/etc/ipsec.conf</p>
      <p># basic configuration<br>
        config setup<br>
                charondebug="all"<br>
                uniqueids=yes<br>
                strictcrlpolicy=no<br>
        <br>
        # connection 1<br>
        conn site1-to-site2<br>
          authby=secret<br>
          left=%defaultroute<br>
          leftid=111.111.111.45<br>
          leftsubnet=<a href="http://172.16.11.0/24" target="_blank">172.16.11.0/24</a><br>
          right=222.222.222.210<br>
          rightsubnet=<a href="http://172.16.15.0/24" target="_blank">172.16.15.0/24</a><br>
          ike=aes256-sha2_256-modp1024!<br>
          esp=aes256-sha2_256!<br>
          keyingtries=0<br>
          ikelifetime=1h<br>
          lifetime=8h<br>
          dpddelay=30<br>
          dpdtimeout=120<br>
          dpdaction=restart<br>
          auto=start<br>
      </p>
      <p>Only this file where I've defined  my site-to-site settings.</p>
      <p><br>
      </p>
      <div>On 1/13/20 4:36 PM, Felipe Arturo
        Polanco wrote:<br>
      </div>
      <blockquote type="cite">
        
        <div dir="ltr">Hi, 
          <div><br>
          </div>
          <div>Please also send the content of /etc/ipsec.conf and/or
            /etc/swanctl.conf , /etc/swanctl/swanctl.conf , the file
            where you defined your site-to-site settings.</div>
        </div>
        <br>
        <div class="gmail_quote">
          <div dir="ltr" class="gmail_attr">On Mon, Jan 13, 2020 at
            10:27 AM <a href="mailto:cristiant@newro.co" target="_blank">cristiant@newro.co</a> <<a href="mailto:cristiant@newro.co" target="_blank">cristiant@newro.co</a>>
            wrote:<br>
          </div>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
            <div>
              <p>Also it ipsec.conf file</p>
              <p># basic configuration<br>
                config setup<br>
                        charondebug="all"<br>
                        uniqueids=yes<br>
                        strictcrlpolicy=no<br>
                <br>
                # connection to paris datacenter<br>
                conn totorum-to-camulodunum<br>
                  authby=secret<br>
                  left=%defaultroute<br>
                  leftid=111.111.111.45<br>
                  leftsubnet=<a href="http://172.16.11.0/24" target="_blank">172.16.11.0/24</a><br>
                  right=222.222.222.210<br>
                  rightsubnet=<a href="http://172.16.15.0/24" target="_blank">172.16.15.0/24</a><br>
                  ike=aes256-sha2_256-modp1024!<br>
                  esp=aes256-sha2_256!<br>
                  keyingtries=0<br>
                  ikelifetime=1h<br>
                  lifetime=8h<br>
                  dpddelay=30<br>
                  dpdtimeout=120<br>
                  dpdaction=restart<br>
                  auto=start<br>
                <br>
              </p>
              <div>On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:<br>
              </div>
              <blockquote type="cite">
                <div dir="ltr">Hi,
                  <div><br>
                  </div>
                  <div>Please send us the following information:</div>
                  <div><br>
                  </div>
                  <div>Strongswan configuration and<br>
                    Output of:</div>
                  <div>iptables-save</div>
                  <div>ip xfrm policy </div>
                  <div>ip route show</div>
                  <div>ip rule show</div>
                  <div>ip address show</div>
                  <div><br>
                  </div>
                  <div>Thanks,</div>
                  <div><br>
                  </div>
                </div>
                <br>
                <div class="gmail_quote">
                  <div dir="ltr" class="gmail_attr">On Mon, Jan 13, 2020
                    at 10:13 AM <a href="mailto:cristiant@newro.co" target="_blank">cristiant@newro.co</a>
                    <<a href="mailto:cristiant@newro.co" target="_blank">cristiant@newro.co</a>>
                    wrote:<br>
                  </div>
                  <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
                    <br>
                    I am trying to set up a point-to-point VPN
                    connection between two KVM <br>
                    hosts running Ubuntu 18.04 LTS.<br>
                    <br>
                    For struggling fro more then a week to make it work
                    but without success.<br>
                    <br>
                    The tunnel seams to be running but I cannot make the
                    connection between <br>
                    internal subenets.<br>
                    <br>
                    Can anyone tell me what iptables rules should I set?<br>
                    <br>
                    Thank you!<br>
                    <br>
                    Best regards!<br>
                    <br>
                    <br>
                  </blockquote>
                </div>
              </blockquote>
            </div>
          </blockquote>
        </div>
      </blockquote>
    </blockquote>
  </div>

</blockquote></div>