[strongSwan] Problem connecting to a Cisco Unity gateway

Miroslav Svoboda goodmirek at goodmirek.cz
Mon Apr 27 17:40:38 CEST 2015


Bas,

Thanks for letting me know!
It will for sure help someone in the future. This kind of troubleshooting
is tough :)

Regards,
Miroslav

Miroslav Svoboda | +420 608 224 486

On 27 April 2015 at 16:26, Bas van Dijk <v.dijk.bas at gmail.com> wrote:

> I just discovered that I can successfully manually add the route if I
> leave off the "via <gateway>" option:
>
> # ip route add  10.180.0.0/24 src 172.16.48.17 dev eth0
>
> After this I can successfully ping hosts on the other side of the VPN!
>
> So I think I'll just add this manual route addition to my startup scripts
> and be done with it.
>
> Cheers,
>
> Bas
>
> On 27 April 2015 at 11:42, Bas van Dijk <v.dijk.bas at gmail.com> wrote:
> > On 26 April 2015 at 23:46, Miroslav Svoboda <goodmirek at goodmirek.cz> wrote:
> >> Huh, it is a bit complicated.
> >> Routing table 220 empty... is not good most probably, but cannot help
> >> to fix it.
> >
> > Routing table 220 is probably empty because strongswan fails to add a
> > route to it because of the "Network is unreachable (101)" error. Which
> > is the same error I get when I try to add the route manually.
> >
> >> I would need to see configuration and packet dump to understand what
> >> packets go from where to there.
> >
> > My network configuration boils down to the following sequence of commands:
> >
> > ip link set "eth0" up
> >
> > ip addr add "136.243.25.125/32" dev "eth0"
> > ip addr add "136.243.25.108/32" dev "eth0"
> > ip addr add "172.16.48.17/28" dev "eth0"
> > ip addr add "136.243.17.41/26" dev "eth0"
> >
> > ip route add default via "136.243.17.1"
> >
> > ip -6 addr add '2a01:4f8:211:2aa8::/64' dev 'eth0'
> > ip -4 route change '136.243.17.0/26' via '136.243.17.1' dev 'eth0'
> > ip -6 route add default via 'fe80::1' dev eth0
> >
> > I'll look into making a packet dump.
> >
> >> Anyway, it looks strange to me to route traffic into my own physical
> >> segment via gateway: 136.243.17.0/26 via 136.243.17.1 dev eth0
> >> But it will probably not help you.
> >
> > I'm running my machine in a Hetzner data center where it's required to
> > route all traffic (including traffic to my own subnet) to the gateway.
> > (See: http://wiki.hetzner.de/index.php/Netzkonfiguration_Debian/en)
> >
> > I also tried deleting that route and trying again but I got the same error:
> >
> > # ip route del 136.243.17.0/26 via 136.243.17.1 dev eth0
> > # ip route add  10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0
> > RTNETLINK answers: Network is unreachable
> >
> >> Did you try to use lo:0 instead of eth0 for all your "loopback" addresses?
> >
> > Adding it to "lo" yields the same error:
> >
> > # ip addr add 172.16.48.17/28 dev lo
> > # ip route add 10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0
> > RTNETLINK answers: Network is unreachable
> >
> > Cheers,
> >
> > Bas
>