[strongSwan] osx Sierra ikev2 connection successful but no traffic
karthik kumar
kumarkarthikn at gmail.com
Tue Feb 13 12:52:57 CET 2018
Hi,
I have a successful connection from my Sierra Mac using strongswan-5.6.1 to
our VPN server:
$ sudo ipsec up vpn
Password:
initiating IKE_SA vpn[2] to xxxx
...........<removed for brevity>
installing 10.245.250.251 as DNS server
installing 10.245.250.227 as DNS server
installing new virtual IP 10.244.15.1
created TUN device: utun2
CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS 10.244.15.1/32 === 0.0.0.0/32
connection 'vpn' established successfully
$ ifconfig utun2
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
inet 10.244.15.1 --> 10.244.15.1 netmask 0xff000000
But no traffic is flowing; I can't reach hosts/internet. Actually, I am not
able to ping the VIP itself:
$ ping 10.244.15.1
PING 10.244.15.1 (10.244.15.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 10.244.15.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
initiator configurations
````````````````````````````
config setup

conn %default
    compress=yes
    ikelifetime=20h
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn vpn
    left=%any
    leftid=karthik at altiscale.com
    rightid=@vpn02.rt1.altiscale.com
    rightauth=pubkey
    leftsourceip=%config
    rightsubnet=0.0.0.0/0
    auto=add
    ike=aes256-sha512-modp4096!
    esp=aes128-sha512!
The same configs work well on a linux initiator.
Any suggestions, please? Please let me know if you need more info.
Thanks