[strongSwan] net2net can not work well on ubuntu14.04
zhuyj
mounter625 at 163.com
Fri May 8 12:01:41 CEST 2015
Hi, all
I configured 4 VMware hosts. The hosts are Ubuntu 14.04. The gateway moon
does not forward icmp packets.
The network topology is as below.
10.1.0.10 <----> 10.1.0.1 (moon) 192.168.0.1 <-----> 192.168.0.2 (sun) 10.2.0.1 <----> 10.2.0.10
strongswan is 5.3.0.
On moon
/usr/local/etc/ipsec.conf is as below:
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=%defaultroute
    leftsourceip=%config
    leftfirewall=yes
    leftid=@moon.strongswan.org
    right=192.168.0.2
    rightsubnet=10.2.0.0/16
    rightid=@sun.strongswan.org
    auto=add

/usr/local/etc/ipsec.secrets is as below:
: PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
On sun
/usr/local/etc/ipsec.conf is as below:
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.2
    leftsubnet=10.2.0.0/16
    leftid=@sun.strongswan.org
    leftfirewall=yes
    right=192.168.0.1
    rightid=@moon.strongswan.org
    auto=add
    rightsourceip=10.4.0.0/24

/usr/local/etc/ipsec.secrets is as below:
: PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
Others remain unchanged.
I ran "ping 10.2.0.10" on client 10.1.0.10. But I cannot get any reply
from 10.2.0.10.
I can find the icmp packets into moon. But moon will not forward these
icmp packets.
After an iptables rule
(iptables -t nat -A POSTROUTING -s 10.4.0.0/16 -j MASQUERADE)
is run on sun, I can ping 10.2.0.10 on moon.
But I can not ping 10.2.0.1 on client 10.1.0.10.
That is, moon can reach client 10.2.0.10. But client 10.10.10 can not
reach sun.
10.1.0.10 <----> 10.1.0.1 (moon) 192.168.0.1 <-----> 192.168.0.2 (sun) 10.2.0.1 <----> 10.2.0.10
icmp------------------------------------------------------------------>here
icmp----------->
In a word, moon can not forward icmp packets.
Does anyone have a similar experience?
Any reply is appreciated.
Thanks a lot.
Zhu Yanjun
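
The following is an added example, not part of the original message and not strongSwan code: a Python check of which packets the two posted conn sections select for the tunnel. It assumes strongSwan's rule that a side without a subnet setting offers its own address, or its virtual IP when sourceip is set, and it assumes 10.4.0.1 as the virtual IP moon receives from sun's pool.

```python
import ipaddress

# Constructed from the conn sections in the post; only selector-related keys kept.
MOON = """conn net-net
    left=%defaultroute
    leftsourceip=%config
    right=192.168.0.2
    rightsubnet=10.2.0.0/16
"""
SUN = """conn net-net
    left=192.168.0.2
    leftsubnet=10.2.0.0/16
    right=192.168.0.1
    rightsourceip=10.4.0.0/24
"""

def parse_conn(text, name):
    """Return the key=value pairs of one indented 'conn <name>' section."""
    conn, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if not line:
            continue
        if not line[0].isspace():  # an unindented line starts a new section
            current = line.split()[-1] if line.startswith("conn ") else None
        elif current == name and "=" in line:
            key, value = line.strip().split("=", 1)
            conn[key.strip()] = value.strip()
    return conn

def nets(conn, side, peer):
    """Selector networks for one side: <side>subnet if set; else the virtual-IP
    pool behind <side>sourceip (%config draws from the peer's rightsourceip);
    else the endpoint address itself."""
    if side + "subnet" in conn:
        return [ipaddress.ip_network(n.strip()) for n in conn[side + "subnet"].split(",")]
    pool = conn.get(side + "sourceip")
    if pool == "%config":
        pool = peer["rightsourceip"]
    return [ipaddress.ip_network(pool or conn[side])]

def tunneled(src, dst, gw, peer):
    """True if src->dst lies inside the selectors both gateways would agree on."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hit = lambda ip, ns: any(ip in n for n in ns)
    return (hit(s, nets(gw, "left", peer)) and hit(s, nets(peer, "right", gw))
            and hit(d, nets(gw, "right", peer)) and hit(d, nets(peer, "left", gw)))
```

Parsing both strings with parse_conn(..., "net-net") and calling tunneled("10.1.0.10", "10.2.0.10", moon, sun) returns False, while the assumed virtual IP 10.4.0.1 as source returns True. With leftsubnet=10.1.0.0/16 added on moon and rightsubnet=10.1.0.0/16 on sun (a prefix assumed from the 10.1.0.x addresses in the topology), the client check returns True.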