[strongSwan] Problem connecting to a Cisco Unity gateway

Miroslav Svoboda goodmirek at goodmirek.cz
Sun Apr 26 23:46:09 CEST 2015


Huh, it is a bit complicated.
Routing table 220 is empty... that is most probably not good, but I cannot 
help to fix it.
I would need to see the configuration and a packet dump to understand which 
packets go from where to where.

Anyway, it looks strange to me to route traffic into my own physical 
segment via a gateway: 136.243.17.0/26 via 136.243.17.1 dev eth0 
But it will probably not help you.

Did you try to use lo:0 instead of eth0 for all your "loopback" addresses?

Miroslav

On Sunday, April 26, 2015 at 8:26:07 PM UTC+2, Bas van Dijk wrote:
>
> Hi Miroslav, 
>
> On 26 April 2015 at 08:26, Miroslav Svoboda <goodmirek at goodmirek.cz> 
> wrote: 
> > Please can you add output of: 
> > ip route show 
> > ip route show table 220 
> > ip xfrm state 
> > ip a 
>
> Here you go: 
>
> # ip route show 
> default via 136.243.17.1 dev eth0 
> 136.243.17.0/26 via 136.243.17.1 dev eth0 
> 172.16.48.16/28 dev eth0  proto kernel  scope link  src 172.16.48.17 
>
> # ip route show table 220 
>
> # ip xfrm state 
> src 136.243.25.108 dst 213.163.70.4 
>   proto esp spi 0x700e6b6c reqid 1 mode tunnel 
>   replay-window 32 flag af-unspec 
>   auth-trunc hmac(sha1) 0x6d969125d32fd66fb899abfc60c4328be1404c03 96 
>   enc cbc(aes) 0xd5562d5113dfc4a8b9a0679990282860 
> src 213.163.70.4 dst 136.243.25.108 
>   proto esp spi 0xc15e6adb reqid 1 mode tunnel 
>   replay-window 32 flag af-unspec 
>   auth-trunc hmac(sha1) 0xf2be74d8b38d26fc2e2ee3adb1ccb59a4d06ff09 96 
>   enc cbc(aes) 0x1c6770d03daa3fa8a317fb7f22d144c8 
>
> # ip a 
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
>     inet 127.0.0.1/8 scope host lo 
>        valid_lft forever preferred_lft forever 
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 
>     link/ether 44:8a:5b:d8:85:8c brd ff:ff:ff:ff:ff:ff 
>     inet 136.243.25.125/32 scope global eth0 
>        valid_lft forever preferred_lft forever 
>     inet 136.243.25.108/32 scope global eth0 
>        valid_lft forever preferred_lft forever 
>     inet 172.16.48.17/28 scope global eth0 
>        valid_lft forever preferred_lft forever 
>     inet 136.243.17.41/26 scope global eth0 
>        valid_lft forever preferred_lft forever 
>
> > Are you able to successfully do: 
> > ip route add 10.180.0.0/24 via 172.16.48.17 
> > ? 
>
> Yes: 
>
> # ip route add 10.180.0.0/24 via 172.16.48.17 
>
> # ip route 
> default via 136.243.17.1 dev eth0 
> 10.180.0.0/24 via 172.16.48.17 dev eth0 
> 136.243.17.0/26 via 136.243.17.1 dev eth0 
> 172.16.48.16/28 dev eth0  proto kernel  scope link  src 172.16.48.17 
>
> Thanks for your time, 
>
> Bas 
>
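
Added example, not part of either message: a small Python check that cross-references the `ip route` and `ip a` output quoted above and lists routes worth reviewing, namely a directly attached subnet that is still sent via a gateway, and a route whose next hop is one of the host's own addresses. The function names are hypothetical; the input lines are copied from the thread, and the script only reports, it does not judge whether a route is intentional.

```python
import ipaddress
import re

# Lines copied from the `ip route` and `ip a` output quoted in the thread.
ROUTES = """\
default via 136.243.17.1 dev eth0
10.180.0.0/24 via 172.16.48.17 dev eth0
136.243.17.0/26 via 136.243.17.1 dev eth0
172.16.48.16/28 dev eth0  proto kernel  scope link  src 172.16.48.17
"""
ADDRS = """\
    inet 127.0.0.1/8 scope host lo
    inet 136.243.25.125/32 scope global eth0
    inet 136.243.25.108/32 scope global eth0
    inet 172.16.48.17/28 scope global eth0
    inet 136.243.17.41/26 scope global eth0
"""

def local_interfaces(ip_a_text):
    """Parse every 'inet ADDR/LEN' in `ip a` output into an ip_interface."""
    return [ipaddress.ip_interface(a) for a in re.findall(r"inet (\S+)", ip_a_text)]

def via_routes(route_text):
    """Return (destination, gateway) string pairs for routes that use 'via'."""
    pairs = []
    for line in route_text.splitlines():
        m = re.match(r"(\S+) via (\S+)", line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs

def onlink_via_gateway(route_text, ifaces):
    """Routes whose destination is a directly attached subnet but still go via a gateway."""
    attached = {i.network for i in ifaces
                if i.network.prefixlen < i.network.max_prefixlen}  # skip /32 host addresses
    return [(dst, gw) for dst, gw in via_routes(route_text)
            if dst != "default" and ipaddress.ip_network(dst) in attached]

def local_next_hop(route_text, ifaces):
    """Routes whose next hop is one of this host's own addresses."""
    own = {i.ip for i in ifaces}
    return [(dst, gw) for dst, gw in via_routes(route_text)
            if ipaddress.ip_address(gw) in own]

if __name__ == "__main__":
    ifaces = local_interfaces(ADDRS)
    for dst, gw in onlink_via_gateway(ROUTES, ifaces):
        print(f"review: attached subnet {dst} is routed via gateway {gw}")
    for dst, gw in local_next_hop(ROUTES, ifaces):
        print(f"review: {dst} uses local address {gw} as next hop")
```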