[strongSwan] Fritzbox <-> strongSwan / Missing ping replies
sascha at schmidt.ps
Thu Jan 22 12:30:11 CET 2015
Hi,
I've built a connection between a FRITZ!Box and a strongSwan server.
On the virtual server where strongSwan is located I've added a virtual
interface and configured the IP 192.168.0.10/24 on it.
Now I'm trying to ping each side of the VPN with no luck.
On the server side (strongSwan) I can see the incoming ICMP requests,
but cannot see an answer:
tcpdump -i eth0 dst host 192.168.0.10 or src host 192.168.0.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:25:44.421577 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3537, length 64
12:25:45.421483 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3538, length 64
12:25:46.425221 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3539, length 64
My ipsec.conf:
conn fritzbox
        aggressive=no
        keyingtries=0
        type=tunnel
        left=<strongSwan public ip>
        leftsubnet=192.168.0.0/24
        leftfirewall=yes
        lefthostaccess=yes
        leftnexthop=%defaultroute
        #
        ike=aes256-sha-modp1024
        esp=aes256-sha1-modp1024
        #
        right=<hostname of fritzbox>
        rightid=@<hostname of fritzbox>
        rightsubnet=192.168.2.0/24
        leftnexthop=%defaultroute
        #
        ikelifetime=4h
        keylife=1h
        #
        authby=secret
        auto=add
Starting strongSwan gives me the following last line:
Jan 22 12:27:44 linux vpn: + <hostname of fritzbox> 192.168.2.0/24 == <fritzbox public ip> -- <strongSwan public ip> == 192.168.0.0/24
"route" shows me:
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
Any hints as to what I did wrong or where I have to tweak the settings?
Greets
Sascha