I found that the farp plugin didn't work.
When I used the arp command to add the ARP information manually,
I got it to work.

From: yadong_zhang at hotmail.com
To: users at lists.strongswan.org
Subject: Why I can't ping the machine behind the server
Date: Wed, 20 Oct 2010 03:37:18 +0000

Hi All:
I've built an environment as below (ref. to: http://www.strongswan.org/uml/testresults44/ikev2/dhcp-dynamic/):
client(<----->Server(<------>DHCP Server(
When I set up the IPsec tunnel:
On the Server: ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.4.0):
  uptime: 10 minutes, since Oct 19 23:21:35 2010
  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 12
  loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac gmp attr kernel-netlink socket-raw farp stroke updown dhcp resolve
Listening IP addresses:
   host-host:
   host-host:   local:  [server at xxx.com] uses public key authentication
   host-host:    cert:  "..."
   host-host:   remote: [%any] uses any authentication
   host-host:   child: === dynamic
Security Associations:
   host-host[6]: ESTABLISHED 73 seconds ago,[server at xxx.com]...[client at xxx.com]
   host-host[6]: IKE SPIs: 8eda650302432f45_i 5cb16539b1929ca6_r*, public key reauthentication in 54 minutes
   host-host[6]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
   host-host{6}:  INSTALLED, TUNNEL, ESP in UDP SPIs: cdad6a02_i cf364694_o
   host-host{6}:  AES_CBC_128/HMAC_SHA1_96, 6132 bytes_i, 0 bytes_o, rekeying in 13 minutes
   host-host{6}: ===
I can ping the Server from the client with the command: ping -I
I cannot ping the DHCP Server: ping -I
and when I run the tcpdump on the Server( just find a ping packet from to no answer from to
and the /proc/sys/net/ipv4/ip_forward is 1
Is there anything wrong?

