[strongSwan] Question on Networking in StrongSwan

Noel Kuntze noel at familie-kuntze.de
Wed Apr 2 21:03:14 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Ben,

You might want to check the traffic counter in the output of "ipsec statusall" to see if the tunnel is the problem or the other host.
It looks like this:
# ipsec statusall
<lots of stuff>
          foo{1}:  AES_CBC_256/HMAC_SHA1_96, 307160 bytes_i (1086 pkts, 66s ago), 126698 bytes_o (1263 pkts, 66s ago), rekeying in 2 hours
<more stuff>

If the traffic counter increments when you ping, the tunnel works fine and the problem is on the other side of it.

Regards
Noel Kuntze

Am 01.04.2014 11:18, schrieb Hay, Ben (TS Consulting):
>
> Hi Everyone
>
> 
>
> I am currently trying to implement StrongSwan into a proof of concept on a laptop running VM Workstation. I am having some issues with the networking between StrongSwan and the backend infrastructure.
>
> 
>
> This is how my network currently looks…
>
> 
>
> 
>
> 
>
> Currently I have a good connection from the mobile devices, through a router and into StrongSwan. So the VPN server is running and accepting requests. I can run a ping from the StrongSwan server to the router/mobile device fine. I can also run a ping from the DNS server to StrongSwan fine. However when I try to ping from Strong Swan to the DNS server, I get nothing at all. They are both on the same virtual subnet, and can ping in one direction but not the other.
>
> 
>
> So… pinging from the DNS server to StrongSwan, works fine…
>
> However when pinging from StrongSwan to the DNS server, I get no response.
>
> This is my routing table in StrongSwan.. As you can see there is a route to connect to the DNS server which is 172.17.61.10 out of eth1 which is correct, but when I run the command I get no response.
>
> 
>
> I have ran my environment on a different laptop to rule this out of the problem.
>
> 
>
> Does anyone have any bright ideas as to what might be causing this issues. Any help would be much appreciated.
>
> 
>
> Thanks in advance.
>
> 
>
> Regards
>
> * *
>
> *Ben Hay*
>
> Technology Consultant
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTPF7xAAoJEDg5KY9j7GZYm4UP/0RJ0iCYUKc7159b9KSz8uts
3JspSXo7VJBWAP7sFl7D7DOwJz0btJ4+vSjW60unyviFso2I0BwrjFsNKmPmkXhK
ca3gVkDJusRQtWnT4ZLEQiBDB0/xQ41Ce1eNCITSKeSmgFnYLsbH897hXcNJgUkS
xBGrSxsARPKgULouJOHxqyRh34sPoL+5RreU5f0KCikUDDcZ3ijLKI9gkiB/CMAL
sv0PX5FuM+pj8EATdcNhGKeAX92PVhucT3XzRMgtI2QQ2rYtOsgjQfwDLFbXA4/6
vfnmOQXS3qHI5HPTeCaUxY4a2GebvFdFHAqhSbglBOIvRb/uxv0oNiWWqZCvZr80
axWD0gPdwSTtl59O4MTUPlAt4Fber10zRw0iAnQ5MTWstPJGmpPZacU1TFGoWmfx
eDJk0ef1/QPsT9Quyp3AtKT3wSyrk2Bw4AS2qKxo90ZVllSFLBy0IsZt3qgP94W3
l5FtMrHUZI3ja1O/4sWrNODIGwrOLRi75ZjEuWUQl7Y4SYZ9bmbe+UQIAS3MrI+e
YacBTxt99YJ1BGkh/5998Y1cvFeqKKegpSgzuf0B+XgTh9OYdiCBf2lVO6i2FicT
eOOK0KqBae3+zcOhX0TW3181ACpYm9MV65nfAogNMRuQm09jdEsehf83O3cor6LA
o0zlrlRa7WuZDq7juLl9
=9ade
-----END PGP SIGNATURE-----



More information about the Users mailing list