[strongSwan] Please help: Cannot route (statically) through the Strongswan tunnel

Răzvan Sandu razvan.sandu at mobexpert.ro
Fri Oct 4 11:31:37 CEST 2013


Hello,


... and thanks for your kind response.  :)


Pe 04.10.2013 11:00, Martin Willi a scris:

> How does your left/rightsubnet configuration look like? Have you
> included all the subnets to tunnel? What shows "ipsec statusall"?
>
> Does a ping from 10.2.1.0/24 make it to the first gateway? To the
> second? Does the reply get lost on the return path?
>

As an example, I have (for the left NAT gateway in the provided picture):

conn whatever
         left=82.73.46.12
         leftsubnet=82.73.43.12,192.168.1.0/24
         leftid=@left.example.com
         leftfirewall=yes
         right=140.5.12.76
         rightsubnet=140.5.12.76,10.1.1.0/24
         rightid=@right.example.com
         auto=start

and a mirror one at the right.

A ping from 10.2.1.0/24 reaches the first gateway (left.example.com) 
with no difficulty, as well as the Internet (including right.example.com 
on the public address, 140.5.12.76).

> Regards
> Martin

Thanks again,
Răzvan
-- 
*Vă rugăm să luați în considerare normele de protecție a mediului
înainte de a tipări acest mesaj.*

*Please consider the environment before printing this email.*

*NOTĂ:* Eventualele fișiere .odt, .ods, .odp, .odb, etc. atașate acestui
mesaj sunt documente în formatul *ISO OpenDocument (ISO/IEC
26300:2006)*. Vă încurajez să folosiți și Dvs. acest format liber, care
se generalizează rapid în întreaga lume. Dacă, momentan, nu puteți
deschide fișierele în cauză, vă rog să instalați *suita de birou
LibreOffice*, care poate fi descărcată, *gratuit și legal*, de la
http://www.libreoffice.org/ . Vă cer scuze pentru neplăcerea de moment
provocată!

*NOTE:* This e-mail message may have .odt, .ods, .odp, .odb files
attached. These are documents in *the ISO OpenDocument file format
(ISO/IEC 26300:2006)*. I kindly encourage you to use this free format
too, because it's an open standard whose acceptance is fastly growing
around the world. For the moment, if you cannot open the attached
documents, please download and install *the free office suite
LibreOffice* from http://www.libreoffice.org/ - which you can use *free
of charge and perfectly legal*. I apologize for this time inconvenience!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: razvan_sandu.vcf
Type: text/x-vcard
Size: 425 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131004/0f37042a/attachment.vcf>


More information about the Users mailing list