[strongSwan] One-way tunnel
Jan Vejvalka
jan.vejvalka at datim.cz
Wed Jan 12 07:01:05 CET 2011
Hi *,
I'm new to strongSwan, trying to set it up to work with Cisco 7206VXR
to tunnel communication between networks on both sides, on IPv4 with
IKEv1, PSK.
With iptables, I monitor packets on my box.
Pings from the remote network to my local network come through and get
responded to: esp in, echo-request forwarded, echo-reply forwarded, esp
out.
Pings in the opposite direction never make it: the echo-request is
forwarded, but no esp packet is sent out and the ping packet goes
further to the default gateway.
My configuration follows the one at
http://www.strongswan.org/uml/testresults/ikev1/net2net-psk/.
I'm using kernel 2.6.36.1, everything else is Slackware 13.1.
Any hint/help is much welcome.
Many thanks,
Jan
This is my ipsec.conf:
config setup
        plutodebug=control
        plutostart=yes
        charondebug=none
        charonstart=no

conn net-net
        ikelifetime=86400s
        keylife=3600s
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret
        ike=3des-md5-modp1024
        esp=3des-md5
        right=mypublicip
        rightsubnet=theirpublicnet
        left=mypublicip
        leftsubnet=myprivatenet
        leftfirewall=yes
        auto=add