[strongSwan] IPtables settings

Felipe Arturo Polanco felipeapolanco at gmail.com
Mon Jan 13 15:36:37 CET 2020


Hi,

Please also send the content of /etc/ipsec.conf and/or /etc/swanctl.conf,
/etc/swanctl/swanctl.conf, the file where you defined your site-to-site
settings.

On Mon, Jan 13, 2020 at 10:27 AM cristiant at newro.co <cristiant at newro.co>
wrote:

> Also the ipsec.conf file
>
> # basic configuration
> config setup
>         charondebug="all"
>         uniqueids=yes
>         strictcrlpolicy=no
>
> # connection to paris datacenter
> conn totorum-to-camulodunum
>   authby=secret
>   left=%defaultroute
>   leftid=111.111.111.45
>   leftsubnet=172.16.11.0/24
>   right=222.222.222.210
>   rightsubnet=172.16.15.0/24
>   ike=aes256-sha2_256-modp1024!
>   esp=aes256-sha2_256!
>   keyingtries=0
>   ikelifetime=1h
>   lifetime=8h
>   dpddelay=30
>   dpdtimeout=120
>   dpdaction=restart
>   auto=start
>
> On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:
>
> Hi,
>
> Please send us the following information:
>
> Strongswan configuration and
> Output of:
> iptables-save
> ip xfrm policy
> ip route show
> ip rule show
> ip address show
>
> Thanks,
>
>
> On Mon, Jan 13, 2020 at 10:13 AM cristiant at newro.co <cristiant at newro.co>
> wrote:
>
>> Hello,
>>
>> I am trying to set up a point-to-point VPN connection between two KVM
>> hosts running Ubuntu 18.04 LTS.
>>
>> I have been struggling for more than a week to make it work, but without success.
>>
>> The tunnel seems to be running but I cannot make the connection between
>> internal subnets.
>>
>> Can anyone tell me what iptables rules I should set?
>>
>> Thank you!
>>
>> Best regards!
>>
>>
>>