[strongSwan] Why I can't ping the machine behind the server

[张亚东]

Hi All:
I've build an environment as below(ref to : http://www.strongswan.org/uml/testresults44/ikev2/dhcp-dynamic/):
client(10.1.0.122)<----->Server(10.1.0.1)<------>DHCP Server(10.1.0.111)
when I set up the ipsec tunnel:
In the Server: ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.4.0):  uptime: 10 minutes, since Oct 19 23:21:35 2010  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 12  loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac gmp attr kernel-netlink socket-raw farp stroke updown dhcp resolveListening IP addresses:  192.168.0.7  10.1.0.1Connections:   host-host:  192.168.0.7...%any   host-host:   local:  [server at xxx.com] uses public key authentication   host-host:    cert:  "..."   host-host:   remote: [%any] uses any authentication   host-host:   child:  10.1.0.0/24 === dynamicSecurity Associations:   host-host[6]: ESTABLISHED 73 seconds ago, 192.168.0.7[server at xxx.com]...192.168.0.244[client at xxx.com]   host-host[6]: IKE SPIs: 8eda650302432f45_i 5cb16539b1929ca6_r*, public key reauthentication in 54 minutes   host-host[6]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048   host-host{6}:  INSTALLED, TUNNEL, ESP in UDP SPIs: cdad6a02_i cf364694_o   host-host{6}:  AES_CBC_128/HMAC_SHA1_96, 6132 bytes_i, 0 bytes_o, rekeying in 13 minutes   host-host{6}:   10.1.0.0/24 === 10.1.0.122/32
I can ping the Server from client by the command: ping 10.1.0.1 -I 10.1.0.122but I can not ping the DHCP Server: ping 10.1.0.111 -I 10.1.0.122
and when I run the tcpdump on the Server(10.1.0.1)I just find a ping packet from 10.1.0.1 to 10.1.0.111but no answer from 10.1.0.111 to 10.1.0.1
and the /proc/sys/net/ipv4/ip_forward is 1
Is there anything wrong?

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101020/4d713f48/attachment.html>