[strongSwan] no connection from firewall but from host behind
Jens Krehbiel-Gräther
jens.krehbiel-graether at jkg-it-services.de
Thu Jul 20 18:54:24 CEST 2017
Hi everyone,
I have a problem and cannot find a solution for it.
The following configuration is set up:
host a
ipsec.conf:
config setup
        uniqueids=yes
        cachecrls=yes

conn proxy
        ikelifetime=7800
        keylife=7800
        rekeymargin=30m
        keyingtries=5
        keyexchange=ike
        authby=secret
        left=%defaultroute          # dynamically changing address
        leftsubnet=10.10.42.0/24    # local network, site a
        leftfirewall=yes
        leftid=jens
        right=x.x.x.x               # public IP of host b
        rightsubnet=10.20.21.0/24   # local network, site b
        auto=start
ipsec.secrets:
x.x.x.x %defaultroute : PSK "secret"
host b
ipsec.conf:
config setup
        cachecrls=yes
        uniqueids=yes

conn jkg
        ikelifetime=7800
        keylife=7800
        rekeymargin=30m
        keyingtries=5
        keyexchange=ike
        authby=secret
        left=x.x.x.x
        leftsubnet=10.20.21.0/24
        leftfirewall=yes
        right=%any
        rightid=jens
        rightsubnet=10.10.42.0/24
        auto=add
ipsec.secrets:
jens x.x.x.x : PSK "secret"
My problem is the following:
When I start strongSwan on host b and host a, nothing happens. "ipsec
statusall" on host a shows "connecting"; on host b there is nothing incoming.
When I start the same config of host a on a host on the local network at site a,
which is NATed through host a, the connection works perfectly. Why can
I not start the connection directly on host a (which is not NATed)?
Can anyone tell me what I have to change in the config to get it working
from host a to host b?
Thanks,
Jens
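One thing worth checking mechanically in a PSK setup like the one above is whether the IKE identities each conn will present (leftid/rightid, or the left/right address when no id is set) line up with the selectors on the PSK lines in ipsec.secrets. The following is an added example for this post, not code from the post or from the strongSwan project: a small Python checker that parses both files and reports conns that no PSK line covers, and PSK selectors that match no identity of any conn. Its matching rules are a deliberate simplification and an assumption on my part: a line with no selectors is a catch-all, %any matches anything, every other selector is compared as a literal string, and an address such as %defaultroute or %any means the identity is only known at runtime. IPv6 selectors and also= are not handled. The embedded sample input is the pair of configurations quoted in the post, trimmed to the lines that matter, with x.x.x.x kept as the post's own placeholder.

```python
"""Cross-check the IKE identities each strongSwan conn presents against the
selectors of the PSK lines in ipsec.secrets.

Added example; not code from the post or from strongSwan. Assumed, simplified rules:
a PSK line with no selectors is a catch-all; %any/%any6 match any identity; any other
selector is compared as a literal (leading '@' dropped) with leftid/rightid, falling back
to the left/right address; an address of %any, %any4, %any6 or %defaultroute is only
known at runtime, so no literal selector can match it.
"""
import re

WILDCARD_SELECTORS = {"%any", "%any6"}
RUNTIME_ADDRESSES = {"%any", "%any4", "%any6", "%defaultroute"}


def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}}; 'config setup', also= and comments are ignored."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                      # section header line
            match = re.match(r"conn\s+(\S+)", line)
            current = conns.setdefault(match.group(1), {}) if match else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def parse_secrets(text):
    """Return [(selectors, kind)] for every 'selectors : KIND ...' line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        selectors, rest = line.split(":", 1)
        kind = rest.split()[0] if rest.split() else ""
        entries.append((selectors.split(), kind))
    return entries


def conn_identities(conn):
    """(local, remote) identity strings; None where the id is only known at runtime."""
    def identity(side):
        explicit = conn.get(side + "id")
        if explicit:
            return explicit.lstrip("@")
        address = conn.get(side, "")
        return None if address in RUNTIME_ADDRESSES else address
    return identity("left"), identity("right")


def selector_matches(selector, identity):
    if selector in WILDCARD_SELECTORS:
        return True
    return identity is not None and selector.lstrip("@") == identity


def check_psk(conf_text, secrets_text):
    """Return findings (strings); empty means every authby=secret conn is covered by
    some PSK line and every PSK selector matches some conn identity."""
    findings, used = [], set()
    psk_lines = [sels for sels, kind in parse_secrets(secrets_text) if kind == "PSK"]
    for name, conn in parse_ipsec_conf(conf_text).items():
        if conn.get("authby") != "secret":
            continue
        local, remote = conn_identities(conn)
        covered = False
        for selectors in psk_lines:
            if not selectors:                          # catch-all line
                covered = True
                continue
            hits = {s for s in selectors
                    if selector_matches(s, local) or selector_matches(s, remote)}
            covered |= bool(hits)
            used |= hits
        if not covered:
            findings.append(f"conn {name}: no PSK line covers local={local} remote={remote}")
    for selectors in psk_lines:
        for s in selectors:
            if s not in used and s not in WILDCARD_SELECTORS:
                findings.append(f"ipsec.secrets: selector {s!r} matches no identity of any PSK conn")
    return findings


# Sample input: the two configurations from the post, trimmed to the relevant lines.
HOST_A_CONF = """\
conn proxy
        authby=secret
        left=%defaultroute
        leftid=jens
        right=x.x.x.x
"""
HOST_A_SECRETS = 'x.x.x.x %defaultroute : PSK "secret"\n'
HOST_B_CONF = """\
conn jkg
        authby=secret
        left=x.x.x.x
        right=%any
        rightid=jens
"""
HOST_B_SECRETS = 'jens x.x.x.x : PSK "secret"\n'

if __name__ == "__main__":
    for host, conf, secrets in (("host a", HOST_A_CONF, HOST_A_SECRETS),
                                ("host b", HOST_B_CONF, HOST_B_SECRETS)):
        print(host, check_psk(conf, secrets) or "ok")
```

Run against the post's two hosts, host b comes back clean, while host a gets one finding: the selector `%defaultroute` on its PSK line matches no identity the conn presents (the local identity is `jens` because of leftid). Whether that is the cause of the "connecting" state is a separate question that the logs on host a would answer; the checker only flags selectors that, under the rules above, can never be used.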