[strongSwan] IPSec Tunnel Up, But No Traffic
Vyronas Tsingaras
vtsingaras at it.auth.gr
Tue Jul 29 22:36:19 CEST 2014
Please post the output of
ip route show
On 29 July 2014 23:24:33 EEST, Joe Ryan <jr at aphyt.com> wrote:
>Hello Everyone,
>
>I have a DigitalOcean VPS running Ubuntu 12.04 that I want to connect to
>with a BeagleBone running Debian so that I can access all of the devices
>on the same subnet as the BeagleBone, and not have to worry about an IT
>department opening ports. I have tried this with both StrongSwan 4.5.2
>and 5.2.0 and have the same result, so I'm sure it's my configuration.
>After bringing up the connection everything negotiates as expected,
>and the final line of ipsec status all is machinetun{1}: 10.128.0.0/16
>=== 192.168.250.0/24 where machinetun is the connection, 10.128.0.0/16 is
>a private network on DigitalOcean and the 192.168.250.0/24 is a private
>network on my machine. My logs show the CHILD_SA being established and
>rekeyed as expected, with keep alive packets going out frequently, and
>nothing to suggest a problem.
>
>At this point I would hope that I would be able to ping the gateway on
>my machine, 192.168.250.60 from the DigitalOcean VPS private IP address
>using one of the following:
>
>#ping the BeagleBone gateway from DO
>ping 192.168.250.60
>#ping the BeagleBone gateway with an interface on the DO private network
>ping -I 10.128.120.160 192.168.250.60
>
>But get no results in this direction or the reverse.
>
>I also have net.ipv4.ip_forward 1 on both machines.
>
>My configurations are below, and I hope someone might have a good idea
>what direction I can look in to figure out what I've done wrong.
>
># BeagleBone Conf
>config setup
> strictcrlpolicy=no
> charondebug=1
>conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=%forever
> keyexchange=ikev2
> left=%any
> leftcert=beagleCert.der
> leftid=beagle@hostname.com
> lefthostaccess=yes
> leftfirewall=yes
>
>conn machinetun
> leftsourceip=%config
> leftsubnet=192.168.250.0/24
> right=hostname.com
> rightid=@hostname.com
> rightsubnet=10.128.0.0/16
> auto=start
>
># DigitalOcean Conf
>config setup
> strictcrlpolicy=no
>conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev2
> left=%any
> leftcert=svCert.der
> leftid=@hostname.com
> lefthostaccess=yes
> leftfirewall=yes
>
>conn machinetun
> leftsubnet=10.128.0.0/16
> right=%any
> rightsubnet=192.168.250.0/24
> rightid=beagle@hostname.com
> rightsourceip=10.128.0.50
> auto=add
>
>Thank you,
>Joe
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.