[strongSwan] [ASK] Reachability after reboot

achyar.nur achyar.nur at achyarnurandi.net
Sat May 28 08:24:56 CEST 2016 

Hi All,

 

I need information when I run strongswan ipsec. Everything is ok. But after
one server is rebooting, I cannot ping remote server from local server.

 

 

Local-server|------------|internet|----------------|remote-server

 


Local-server before remote server reboot


[root at strongswan-achyarnurandidotnet-s1 ~]# strongswan status

Security Associations (1 up, 0 connecting):

server1-server2[1]: ESTABLISHED 2 minutes ago,
10.0.2.1[s1.achyarnurandi.net]...10.0.2.2[s2.achyarnurandi.net]

server1-server2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c241cedb_i
c77a3490_o

server1-server2{1}:   192.168.223.0/24 === 192.168.222.0/24

server1-server2{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cfc932ae_i
c5a9fe15_o

server1-server2{2}:   192.168.223.0/24 === 192.168.222.0/24

[root at strongswan-achyarnurandidotnet-s1 ~]# ping 192.168.222.101

PING 192.168.222.101 (192.168.222.101) 56(84) bytes of data.

64 bytes from 192.168.222.101: icmp_seq=1 ttl=64 time=1.78 ms

64 bytes from 192.168.222.101: icmp_seq=2 ttl=64 time=0.771 ms

64 bytes from 192.168.222.101: icmp_seq=3 ttl=64 time=0.786 ms

64 bytes from 192.168.222.101: icmp_seq=4 ttl=64 time=0.724 ms

^Z

[6]+  Stopped                 ping 192.168.222.101

[root at strongswan-achyarnurandidotnet-s1 ~]#

 

 

 


Local-server while remote server reboot


[root at strongswan-achyarnurandidotnet-s1 ~]# strongswan status

Security Associations (1 up, 0 connecting):

server1-server2[1]: ESTABLISHED 7 minutes ago,
10.0.2.1[s1.achyarnurandi.net]...10.0.2.2[s2.achyarnurandi.net]

server1-server2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c241cedb_i
c77a3490_o

server1-server2{1}:   192.168.223.0/24 === 192.168.222.0/24

server1-server2{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cfc932ae_i
c5a9fe15_o

server1-server2{2}:   192.168.223.0/24 === 192.168.222.0/24

 

But I cannot ping remote private ip

 


Local-server while remote server reboot


[root at strongswan-achyarnurandidotnet-s1 ~]# ping 192.168.222.101

PING 192.168.222.101 (192.168.222.101) 56(84) bytes of data.

 

 

Then I restart the strongswan, but it's still cannot reachable when I do
ping

 


Local-server while remote server reboot


[root at strongswan-achyarnurandidotnet-s1 ~]# strongswan status

Security Associations (1 up, 0 connecting):

server1-server2[1]: ESTABLISHED 2 minutes ago,
10.0.2.1[s1.achyarnurandi.net]...10.0.2.2[s2.achyarnurandi.net]

server1-server2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c8041fac_i
c4233ecc_o

server1-server2{1}:   192.168.223.0/24 === 192.168.222.0/24

server1-server2{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cd3f84e0_i
c79e7d44_o

server1-server2{2}:   192.168.223.0/24 === 192.168.222.0/24

[root at strongswan-achyarnurandidotnet-s1 ~]# ping 192.168.222.101

PING 192.168.222.101 (192.168.222.101) 56(84) bytes of data.

 

 

 

Let me know, what is the problem?

 

 

Thank you,

 

 

achyar



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160528/37a75cc3/attachment.html>

More information about the Users mailing list