[strongSwan] Antwort: Migration Openswan to strongSwan Net2Net

[Technik]

Hi all, 

I use Endian Firewalls (endian.com) to connect our offices to the 
headquarter with VPN. 
We have 20 office in star topology connected to our headquarter, each 
office running a different 10.x.0.0/16 network. 
With the 2.5 update Endian changed from openSwan to strongSwan. 
This change broke our VPN setup. 

I tracked down the issue and ended up at the strongSwan package. 
I setup 2 vanilla Debian 7 (wheezy) boxes as gateways with strongSwan 
4.5.2 and started testing. 

I'm able to setup a working Site-to-Site IKEv1 IPv4 Connection with PSK 
between the two nets. 
10.100.0.0/16===192.168.0.1[headquarter]...192.168.0.2[office1]===10.101.0.0/16 

Everything running fine, 

I went a step further and added a 3rd Debian box gateway as office2 
To get traffice routed between offices via headquarter our IPsec configs 
contain the headquarter as 10.0.0.0/8 
Headquarter "knows" all offices and routes traffic as needed. 
10.0.0.0/8===192.168.0.1[headquarter]...192.168.0.2[office1]===10.101.0.0/16 

10.0.0.0/8===192.168.0.1[headquarter]...192.168.0.3[office2]===10.102.0.0/16 

When I start strongSwan with this config it totally breaks the network in 
the offices, unable to ping localhost on the office VPN gateways. 

Any idea what's wrong? 
This setup works flawless with openSwan, 
The same setup in PacketTracer with static routes works too. 

My previous message contains a ZIP-File holding all configs etc. of my 
setup. 


Wolfgang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121211/fccabedb/attachment.html>