[strongSwan] Ping is not working after establishing a tunnel in strongswan
Rajiv Kulkarni
rajivkulkarni69 at gmail.com
Sat Apr 14 19:52:28 CEST 2012
Hi,

Can you try disabling iptables on the GW running Strongswan (I am
assuming that it is a Linux machine)? Try executing these commands, then
start ipsec and then send traffic:

root# iptables -F
root# iptables -F -t nat
root# ipsec start --- or --- ipsec start --nofork

If the above works, then you will need to disable/flush iptables every time, or
you can stop the iptables/fw daemon in the services permanently.

Hope this helps,
rajiv

On Fri, Apr 13, 2012 at 12:01 AM, SaRaVanAn <saravanan.nagarajan87 at gmail.com> wrote:
> Hi all,
>
> *Topology*
> +++++++
>      eth0                 eth0    eth1       VPN tunnel        eth1
>
> Pc1 ------------------------- GW ------------------------------ VPN server
> 172.31.114.230   172.31.114.231  50.1.1.239                     50.1.1.227
>
> I have established a VPN tunnel between GW and VPN server using
> Strongswan. After I established the tunnel, the GW is not reachable from PC1
> and ping fails. I have seen ARP requests in eth0 of GW, but it's not
> replying for that. But if the tunnel is not there, ping is working fine.
> Please find my SPD rules below and let me know the reason for ping getting
> dropped.
>
> 0.0.0.0/0[any] 50.1.1.239[any] any
> fwd prio high + 1073739901 ipsec
> esp/tunnel/50.1.1.227-50.1.1.239/unique:1
> created: Apr 12 00:38:26 2012 lastused:
> lifetime: 0(s) validtime: 0(s)
> spid=1378 seq=1 pid=23592
> refcnt=1
>
> 0.0.0.0/0[any] 50.1.1.239[any] any
> in prio high + 1073739901 ipsec
> esp/tunnel/50.1.1.227-50.1.1.239/unique:1
> created: Apr 12 00:38:26 2012 lastused:
> lifetime: 0(s) validtime: 0(s)
> spid=1368 seq=2 pid=23592
> refcnt=1
> 50.1.1.239[any] 0.0.0.0/0[any] any
> out prio high + 1073739901 ipsec
> esp/tunnel/50.1.1.239-50.1.1.227/unique:1
> created: Apr 12 00:38:26 2012 lastused:
> lifetime: 0(s) validtime: 0(s)
> spid=1361 seq=3 pid=23592
> refcnt=1
>
> Regards,
> Saravanan N
>