[strongSwan] Why I can't ping the machine behind the server
张亚东
yadong_zhang at hotmail.com
Thu Oct 21 03:32:55 CEST 2010
I found that the farp plugin didn't work.
when I used the command arp to add arp information manually.
I got it work.
From: yadong_zhang at hotmail.com
To: users at lists.strongswan.org
Subject: Why I can't ping the machine behind the server
Date: Wed, 20 Oct 2010 03:37:18 +0000
Hi All:
I've build an environment as below(ref to : http://www.strongswan.org/uml/testresults44/ikev2/dhcp-dynamic/):
client(10.1.0.122)<----->Server(10.1.0.1)<------>DHCP Server(10.1.0.111)
when I set up the ipsec tunnel:
In the Server: ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.4.0): uptime: 10 minutes, since Oct 19 23:21:35 2010 worker threads: 7 idle of 16, job queue load: 0, scheduled events: 12 loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac gmp attr kernel-netlink socket-raw farp stroke updown dhcp resolveListening IP addresses: 192.168.0.7 10.1.0.1Connections: host-host: 192.168.0.7...%any host-host: local: [server at xxx.com] uses public key authentication host-host: cert: "..." host-host: remote: [%any] uses any authentication host-host: child: 10.1.0.0/24 === dynamicSecurity Associations: host-host[6]: ESTABLISHED 73 seconds ago, 192.168.0.7[server at xxx.com]...192.168.0.244[client at xxx.com] host-host[6]: IKE SPIs: 8eda650302432f45_i 5cb16539b1929ca6_r*, public key reauthentication in 54 minutes host-host[6]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 host-host{6}: INSTALLED, TUNNEL, ESP in UDP SPIs: cdad6a02_i cf364694_o host-host{6}: AES_CBC_128/HMAC_SHA1_96, 6132 bytes_i, 0 bytes_o, rekeying in 13 minutes host-host{6}: 10.1.0.0/24 === 10.1.0.122/32
I can ping the Server from client by the command: ping 10.1.0.1 -I 10.1.0.122but I can not ping the DHCP Server: ping 10.1.0.111 -I 10.1.0.122
and when I run the tcpdump on the Server(10.1.0.1)I just find a ping packet from 10.1.0.1 to 10.1.0.111but no answer from 10.1.0.111 to 10.1.0.1
and the /proc/sys/net/ipv4/ip_forward is 1
Is there anything wrong?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101021/9953e600/attachment.html>
More information about the Users
mailing list