[strongSwan] Setup site-to-site VPN via central server
Martin Sand
dborn at gmx.net
Fri Jul 29 16:20:32 CEST 2016
> Could be any number of things. You should check the traffic counters in
> `ipsec statusall` on the hub and the clients. If you have firewall
> rules check the counters in `iptables -v -L`.
The output of iptables -v -L on the Hub is:

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  ens192 any     192.168.2.0/24       192.168.1.0/24       policy match dir in pol ipsec reqid 376 proto esp
    0     0 ACCEPT     all  --  any    ens192  192.168.1.0/24       192.168.2.0/24       policy match dir out pol ipsec reqid 376 proto esp
    0     0 ACCEPT     all  --  ens192 any     192.168.1.0/24       192.168.2.0/24       policy match dir in pol ipsec reqid 375 proto esp
    0     0 ACCEPT     all  --  any    ens192  192.168.2.0/24       192.168.1.0/24       policy match dir out pol ipsec reqid 375 proto esp

As I am running OpenWRT on both gateways, iptables -v -L has a long
output. What are the relevant pieces here of iptables? At least I cannot
see any 192.168 rules. I guess OpenWRT is not accepting the traffic.
Can I somehow simulate the traffic from the Hub? How can I send a ping
into the tunnel, e.g. "ping -I 192.168.1.1 192.168.2.1"? Of course,
192.168 is not shown in the interface list of the Hub, but only the
external IP address.
Best regards
Martin