[strongSwan] Setup site-to-site VPN via central server
Martin Sand
dborn at gmx.net
Fri Jul 29 11:17:22 CEST 2016
Hi Tobias

I now went to the other location (vpn-second, some 500km away from
vpn-first). There I could establish the tunnel to the hub (internal IP
192.168.0.1) as well.

But when I ping vpn-first, I do not get a reply. traceroute
192.168.1.100 gives me the following output:

 1?: [LOCALHOST] pmtu 1500
 1: router-first 5.934ms
 1: router-first 1.953ms
 2: 192.168.0.1 3.197ms
 3: no reply

I am a bit lost here. Is this a routing or an iptables issue and how can
I make sure the vpn-second connection is working if I resolve the issues
(how do I test the tunnel from vpn-second network back to vpn-second)?

Best regards
Martin

#ipsec status
Security Associations (2 up, 0 connecting):
  vpn-second[366]: ESTABLISHED 10 minutes ago, 212.10.10.224[vpn.example.org]...78.10.10.165[C=DE, O=StrongSwan, CN=second]
  vpn-second{1451}: INSTALLED, TUNNEL, reqid 364, ESP in UDP SPIs: c05f5d7f_i c9021326_o
  vpn-second{1451}: 192.168.1.0/24 === 192.168.2.0/24
  vpn-first[365]: ESTABLISHED 34 minutes ago, 212.10.10.224[vpn.example.org]...80.10.10.4[C=DE, O=StrongSwan, CN=first]
  vpn-first{1452}: INSTALLED, TUNNEL, reqid 363, ESP in UDP SPIs: c78cb088_i c93bb409_o
  vpn-first{1452}: 192.168.2.0/24 === 192.168.1.0/24