[strongSwan] One-way tunnel

Jan Vejvalka jan.vejvalka at datim.cz
Tue Jan 11 22:18:09 CET 2011


Hi *,

I'm new to strongSwan, trying to set it up to work with Cisco 7206VXR
to tunnel communication between networks on both sides, on IPv4 with
IKEv1, PSK.

With iptables, I monitor packets on my box.
Pings from the remote network to my local network come through and are
answered: esp in, echo-request forwarded, echo-reply forwarded, esp
out.
Pings in the opposite direction never make it: the echo-request is
forwarded, but no esp packet is sent out and the ping packet goes
further to the default gateway.

My configuration follows the one at
http://www.strongswan.org/uml/testresults/ikev1/net2net-psk/.
I'm using kernel 2.6.36.1, everything else is Slackware 13.1.

Any hint/help is very welcome.

Many thanks,

Jan


This is my ipsec.conf:

config setup
   plutodebug=control
   plutostart=yes
   charondebug=none
   charonstart=no

conn net-net
   ikelifetime=86400s
   keylife=3600s
   rekeymargin=3m
   keyingtries=1
   keyexchange=ikev1
   authby=secret
   ike=3des-md5-modp1024
   esp=3des-md5
   right=mypublicip
   rightsubnet=theirpublicnet
   left=mypublicip
   leftsubnet=myprivatenet
   leftfirewall=yes
   auto=add



