[strongSwan] Net2net and ip policy

Makai Zsolt Makai.Zsolt at etv.hu
Thu Jun 3 13:11:59 CEST 2010


Hi,

Please, help me! I have got two strongswan servers and the connection is
ok. I must put a router between "left" and "leftsubnet":

Before: 192.168.100.0/22===x.x.x.186---x.x.x.230===192.168.11.0/24
Now: 192.168.100.0/22==={router 192.168.100.254-x.x.x.185}===x.x.x.186---x.x.x.230===192.168.11.0/24

Ipsec.conf:
config setup
 plutodebug=control
 charonstart=no

conn %default
        left=%defaultroute
        leftsubnet=192.168.100.0/22

conn paks
        right=x.x.x.230
        rightsubnet=192.168.11.0/24
        authby=secret
        auth=esp
        auto=add

Ip xfrm policy:
src 192.168.100.0/22 dst 192.168.11.0/24
        dir out priority 2408 ptype main
        tmpl src x.x.x.186 dst x.x.x.230
                proto esp reqid 16385 mode tunnel
src 192.168.11.0/24 dst 192.168.100.0/22
        dir fwd priority 2408 ptype main
        tmpl src x.x.x.230 dst x.x.x.186
                proto esp reqid 16385 mode tunnel
src 192.168.11.0/24 dst 192.168.100.0/22
        dir in priority 2408 ptype main
        tmpl src x.x.x.230 dst x.x.x.186
                proto esp reqid 16385 mode tunnel

Route:
192.168.100.0   x.x.x.185 255.255.252.0   UG    0      0        0 eth1
0.0.0.0         x.x.x.180 0.0.0.0         UG    0      0        0 eth1

The VPN tunnel has been established, of course, but the ping from
192.168.100.2 to 192.168.11.3 failed.
Tcpdump:
12:45:51.760782 IP 192.168.100.2 > 192.168.11.3: ICMP echo request, id
512, seq 15360, length 40
12:45:51.760931 IP x.x.x.186.euroweb.hu > 192.168.100.2: ICMP host
192.168.11.3 unreachable - admin prohibited, length 68

I did not change ipsec.conf. I removed the direct network connection
to 192.168.100.0/22 from the "left" server and rewrote the routing
table. What else is necessary so that the route is allowed?

Thank you,
Zsolt
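As an added example (not part of the original post or of strongSwan), a small Python checker that parses an `ip xfrm policy` dump in the layout shown above and reports which policy the kernel would select for the forwarded ping request and for its reply. The dump is the one from the post, with the gateway addresses kept as the post's x.x.x.186 / x.x.x.230 placeholders; the lookup is an approximation of the kernel's (same direction, selectors contain both addresses, lowest priority value wins).

```python
import ipaddress
import re

# Constructed sample input: the 'ip xfrm policy' dump from the post above.
XFRM_DUMP = """\
src 192.168.100.0/22 dst 192.168.11.0/24
        dir out priority 2408 ptype main
        tmpl src x.x.x.186 dst x.x.x.230
                proto esp reqid 16385 mode tunnel
src 192.168.11.0/24 dst 192.168.100.0/22
        dir fwd priority 2408 ptype main
        tmpl src x.x.x.230 dst x.x.x.186
                proto esp reqid 16385 mode tunnel
src 192.168.11.0/24 dst 192.168.100.0/22
        dir in priority 2408 ptype main
        tmpl src x.x.x.230 dst x.x.x.186
                proto esp reqid 16385 mode tunnel
"""


def parse_xfrm_policies(dump):
    """Parse the four-line-per-policy layout of 'ip xfrm policy' into dicts."""
    policies, cur = [], {}
    for line in dump.splitlines():
        line = line.strip()
        if m := re.match(r"src (\S+) dst (\S+)$", line):        # plaintext selectors
            cur = {"src": ipaddress.ip_network(m[1]), "dst": ipaddress.ip_network(m[2])}
        elif m := re.match(r"dir (\S+) priority (\d+)", line):
            cur["dir"], cur["priority"] = m[1], int(m[2])
        elif m := re.match(r"tmpl src (\S+) dst (\S+)", line):  # tunnel endpoints
            cur["tmpl_src"], cur["tmpl_dst"] = m[1], m[2]
        elif line.startswith("proto"):                          # last line of a policy
            policies.append(cur)
    return policies


def lookup(policies, src_ip, dst_ip, direction):
    """Approximate the kernel lookup: same direction, both addresses inside the
    selectors, lowest priority value wins. None means no IPsec policy applies."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    hits = [p for p in policies
            if p["dir"] == direction and s in p["src"] and d in p["dst"]]
    return min(hits, key=lambda p: p["priority"], default=None)


def check_forwarded_ping(policies, host_behind_left, host_behind_right):
    """Request is forwarded out through the tunnel ('out' policy); the reply is
    decapsulated and forwarded on, not delivered locally, so 'fwd' applies, not 'in'."""
    return {
        "request_out": lookup(policies, host_behind_left, host_behind_right, "out"),
        "reply_fwd": lookup(policies, host_behind_right, host_behind_left, "fwd"),
    }
```

Run against a live dump (`ip xfrm policy` output piped in) it tells you whether a given plaintext flow is covered by an IPsec template in each direction before you look elsewhere for the cause of a failure.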


