[strongSwan] Users Digest, Vol 12, Issue 21
Baizhan Li
label.sr at gmail.com
Thu Jan 20 12:13:36 CET 2011
Hi:
After the tunnel established, I ping 10.1.0.1 on the NAT-ed
host(Alice) PC. But it could not reach to Gateway sun.
I capture the net package with Wireshark, it seems that the package from
Alice is direct sent to 10.2.0.1, and the package is not route to IPSec
tunnel, the ICMP package is not encrypted. And because the ICMP package is
send out by the gateway moon to the 10.1.0.1, so the package cann't reach to
192.168.0.61(the gateway sun).
Why package didn't be sent in the tunnel on the host Alice? It is
very strange.
Best regards and hope your reply. Thank you very much.
-----Original Message-----
From: users-bounces+label.sr=gmail.com at lists.strongswan.org
[mailto:users-bounces+label.sr=gmail.com at lists.strongswan.org] On Behalf Of
users-request at lists.strongswan.org
Sent: 2011年1月20日 19:00
To: users at lists.strongswan.org
Subject: Users Digest, Vol 12, Issue 21
Send Users mailing list submissions to
users at lists.strongswan.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.strongswan.org/mailman/listinfo/users
or, via email, send a message with subject or body 'help' to
users-request at lists.strongswan.org
You can reach the person managing the list at
users-owner at lists.strongswan.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Users digest..."
Today's Topics:
1. Re: host could not reach to the internal PC after virtual IP
is assigned. (Martin Willi)
2. Re: host could not reach to the internal PC after virtual IP
is assigned. (Baizhan Li)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Jan 2011 09:25:14 +0100
From: Martin Willi <martin at strongswan.org>
Subject: Re: [strongSwan] host could not reach to the internal PC
after virtual IP is assigned.
To: Baizhan Li <label.sr at gmail.com>
Cc: users at lists.strongswan.org
Message-ID: <1295511914.2017.20.camel at martin>
Content-Type: text/plain; charset="UTF-8"
Hi,
> 13[IKE] CHILD_SA hnb{1} established with SPIs cd15012c_i c9f2481c_o
> and TS 10.1.0.120/32 === 10.1.0.0/32
The tunnel gets established successfully. What's not working?
> According to the 5), it seems that the subnet 10.1.0.0 is not route to
> 192.168.0.61(the gateway sun?s IP). Why?
charon installs routes by default to the dedicated table 220, try
ip route show table 220
Regards
Martin
------------------------------
Message: 2
Date: Thu, 20 Jan 2011 16:29:28 +0800
From: "Baizhan Li" <label.sr at gmail.com>
Subject: Re: [strongSwan] host could not reach to the internal PC
after virtual IP is assigned.
To: "'Martin Willi'" <martin at strongswan.org>
Cc: users at lists.strongswan.org
Message-ID: <4d37f27b.47722a0a.0258.3a87 at mx.google.com>
Content-Type: text/plain; charset="UTF-8"
Hi:
The output is this when execute "ip route show table 220"
10.1.0.0 via 10.2.0.1 dev eth0 proto static src 10.1.0.120
-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org]
Sent: 2011?1?20? 16:25
To: Baizhan Li
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] host could not reach to the internal PC after
virtual IP is assigned.
Hi,
> 13[IKE] CHILD_SA hnb{1} established with SPIs cd15012c_i c9f2481c_o
> and TS 10.1.0.120/32 === 10.1.0.0/32
The tunnel gets established successfully. What's not working?
> According to the 5), it seems that the subnet 10.1.0.0 is not route to
> 192.168.0.61(the gateway sun?s IP). Why?
charon installs routes by default to the dedicated table 220, try
ip route show table 220
Regards
Martin
------------------------------
_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
End of Users Digest, Vol 12, Issue 21
*************************************
More information about the Users
mailing list