[strongSwan] right/leftsubnet with 0.0.0.0/0 or some specific network

Zhuyj mounter625 at 163.com
Sun Jun 14 04:56:40 CEST 2015 

have idea?


发自我的 iPhone

> 在 2015年6月12日,16:54,zhuyj <mounter625 at 163.com> 写道:
> 
> Hi, all
> 
> I configured 4 vmare hosts. The hosts are ubuntu14.04. The gateway moon does not forward icmp packets.
> 
> The network topology is as below.
> 
> 10.1.0.10 <---->10.1.0.1 (moon) 192.168.0.1<----->192.168.0.2 (sun) 10.2.0.1<---->10.2.0.10
> 
> strongswan is 5.3.0.
> 
> On moon
> /usr/local/etc/ipsec.conf is as below:
> 
> config setup
> 
> conn %default
>    ikelifetime=60m
>    keylife=20m
>    rekeymargin=3m
>    keyingtries=1
>    authby=secret
>    keyexchange=ikev2
>    mobike=no
> 
> conn net-net
>    left=192.168.0.1
>    leftsubnet=10.1.0.0/16      ---->0.0.0.0/0
>    leftid=@moon.strongswan.org
>    leftfirewall=yes
>    right=192.168.0.2
>    rightsubnet=10.2.0.0/16     ---->0.0.0.0/0
>    rightid=@sun.strongswan.org
>    auto=add
> /usr/local/etc/ipsec.secrets is as below:
> 
> : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
> 
> On Sun
> /usr/local/etc/ipsec.conf is as below:
> config setup
> 
> conn %default
>    ikelifetime=60m
>    keylife=20m
>    rekeymargin=3m
>    keyingtries=1
>    authby=secret
>    keyexchange=ikev2
>    mobike=no
> 
> conn net-net
>    left=192.168.0.2
>    leftsubnet=10.2.0.0/16  ----->0.0.0.0/0
>    leftid=@sun.strongswan.org
>    leftfirewall=yes
>    right=192.168.0.1
>    rightsubnet=10.1.0.0/16 ----->0.0.0.0/0
>    rightid=@moon.strongswan.org
>    auto=add
> 
> 
> /usr/local/etc/ipsec.secrets is as below:
> 
> : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
> 
> Others remain unchanged.
> 
> In the above ipsec.conf file, if I use right/leftsubnet with 0.0.0.0/0, the whole system can not work well.
> If I use right/leftsubnet with 10.1 or 2.0.0/16, the whole system can work well.
> 
> Does any one have the similar experience?
> 
> Anyone has idea?
> 
> Any reply is appreciated.
> 
> Thanks a lot.
> Zhu Yanjun
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list