[strongSwan] IPtables settings

cristiant at newro.co cristiant at newro.co
Mon Jan 13 15:41:53 CET 2020


/etc/ipsec.conf

# basic configuration
config setup
         charondebug="all"
         uniqueids=yes
         strictcrlpolicy=no

# connection 1
conn site1-to-site2
   authby=secret
   left=%defaultroute
   leftid=111.111.111.45
   leftsubnet=172.16.11.0/24
   right=222.222.222.210
   rightsubnet=172.16.15.0/24
   ike=aes256-sha2_256-modp1024!
   esp=aes256-sha2_256!
   keyingtries=0
   ikelifetime=1h
   lifetime=8h
   dpddelay=30
   dpdtimeout=120
   dpdaction=restart
   auto=start

This is the only file where I've defined my site-to-site settings.


On 1/13/20 4:36 PM, Felipe Arturo Polanco wrote:
> Hi,
>
> Please also send the content of /etc/ipsec.conf and/or
> /etc/swanctl.conf, /etc/swanctl/swanctl.conf, the file where you
> defined your site-to-site settings.
>
> On Mon, Jan 13, 2020 at 10:27 AM cristiant at newro.co
> <cristiant at newro.co> wrote:
>
>     Also the ipsec.conf file:
>
>     # basic configuration
>     config setup
>             charondebug="all"
>             uniqueids=yes
>             strictcrlpolicy=no
>
>     # connection to paris datacenter
>     conn totorum-to-camulodunum
>       authby=secret
>       left=%defaultroute
>       leftid=111.111.111.45
>       leftsubnet=172.16.11.0/24
>       right=222.222.222.210
>       rightsubnet=172.16.15.0/24
>       ike=aes256-sha2_256-modp1024!
>       esp=aes256-sha2_256!
>       keyingtries=0
>       ikelifetime=1h
>       lifetime=8h
>       dpddelay=30
>       dpdtimeout=120
>       dpdaction=restart
>       auto=start
>
>     On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:
>>     Hi,
>>
>>     Please send us the following information:
>>
>>     Strongswan configuration and
>>     Output of:
>>     iptables-save
>>     ip xfrm policy
>>     ip route show
>>     ip rule show
>>     ip address show
>>
>>     Thanks,
>>
>>
>>     On Mon, Jan 13, 2020 at 10:13 AM cristiant at newro.co
>>     <cristiant at newro.co> wrote:
>>
>>         Hello,
>>
>>         I am trying to set up a point-to-point VPN connection between
>>         two KVM hosts running Ubuntu 18.04 LTS.
>>
>>         I've been struggling for more than a week to make it work, but
>>         without success.
>>
>>         The tunnel seems to be running but I cannot make the
>>         connection between the internal subnets.
>>
>>         Can anyone tell me what iptables rules should I set?
>>
>>         Thank you!
>>
>>         Best regards!
>>
>>
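The question in the thread is which iptables rules a policy-based strongSwan site-to-site tunnel needs. The usual answer has three parts: let IKE (UDP/500, UDP/4500) and ESP from the peer reach the host, accept forwarded traffic between the two LANs only when it is bound to the IPsec policy, and keep tunnel traffic out of any MASQUERADE/SNAT, since a rewritten source address no longer matches the 172.16.11.0/24 to 172.16.15.0/24 policy that the kernel installs and the packet then leaves in clear or is dropped. The script below is an added example, not something posted in the thread or shipped with strongSwan. It generates the rules for review rather than applying them, and it assumes a policy-based tunnel (no VTI/XFRM interface), a WAN interface named eth0, and that the peer's public address is fixed, as in the posted `right=` line; all four values are arguments so they can be changed.

```shell
#!/bin/sh
# Added example: print the iptables rules for a policy-based strongSwan
# site-to-site tunnel so they can be reviewed, then applied with
#   gen_ipsec_rules 172.16.11.0/24 172.16.15.0/24 222.222.222.210 eth0 | sh
# The subnet, peer and interface values are assumptions taken from the
# ipsec.conf in the thread plus a guessed WAN interface name (eth0).

gen_ipsec_rules() {
    if [ "$#" -ne 4 ]; then
        echo "usage: gen_ipsec_rules LEFT_SUBNET RIGHT_SUBNET PEER_IP WAN_IF" >&2
        return 1
    fi
    left_subnet=$1    # leftsubnet  in ipsec.conf (local LAN)
    right_subnet=$2   # rightsubnet in ipsec.conf (remote LAN)
    peer=$3           # right in ipsec.conf (remote public address)
    wan_if=$4         # interface carrying the local public address

    # 1. Keep tunnel traffic out of NAT. Inserted at position 1 so it is
    #    evaluated before any MASQUERADE/SNAT rule for $wan_if; the policy
    #    match restricts it to packets that really will be encrypted.
    echo "iptables -t nat -I POSTROUTING 1 -s $left_subnet -d $right_subnet -m policy --dir out --pol ipsec -j ACCEPT"

    # 2. Let IKE (500), IKE/ESP-in-UDP for NAT traversal (4500) and raw ESP
    #    from the peer reach charon and the kernel's IPsec stack. Limiting
    #    the source to $peer only works because its address is fixed.
    echo "iptables -I INPUT -p udp -s $peer --dport 500 -j ACCEPT"
    echo "iptables -I INPUT -p udp -s $peer --dport 4500 -j ACCEPT"
    echo "iptables -I INPUT -p esp -s $peer -j ACCEPT"

    # 3. Forward packets that were just decrypted from the remote LAN, and
    #    plaintext packets that are about to be encrypted towards it.
    #    Binding both rules to the IPsec policy means plaintext arriving on
    #    $wan_if with a spoofed $right_subnet source is not accepted, and
    #    -I puts them ahead of any REJECT rules already in FORWARD.
    echo "iptables -I FORWARD -s $right_subnet -d $left_subnet -m policy --dir in --pol ipsec --proto esp -j ACCEPT"
    echo "iptables -I FORWARD -s $left_subnet -d $right_subnet -m policy --dir out --pol ipsec --proto esp -j ACCEPT"

    # 4. Routing between the two LANs needs forwarding enabled.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Emit the rules when run directly with the four arguments.
if [ "$#" -eq 4 ]; then
    gen_ipsec_rules "$@"
fi
```

The same rules have to exist on the other host with the subnets swapped. After applying them, `ip xfrm policy` should list the two subnet pairs, `iptables -t nat -L POSTROUTING -v -n` should show the ACCEPT rule above the masquerade rule, and the packet counters from `iptables -L FORWARD -v -n` tell you whether LAN traffic is actually hitting the policy-matched rules. If the 172.16.x networks are libvirt NAT networks, libvirt installs its own MASQUERADE and FORWARD REJECT rules for the bridge, which is exactly why the NAT exclusion goes at position 1 and the FORWARD rules are inserted rather than appended. Unrelated to iptables but worth fixing while editing the config: `ike=aes256-sha2_256-modp1024!` pins the 1024-bit MODP group (DH group 2), which is below current recommendations; strongSwan supports modp2048 and ecp256, and either is the better choice when both peers allow it.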