[strongSwan] IPtables settings

cristiant at newro.co cristiant at newro.co
Tue Jan 14 09:08:07 CET 2020


Hi.

Please, can anyone give some advice?

Thank you!

On 1/13/20 4:41 PM, cristiant at newro.co wrote:
>
> /etc/ipsec.conf
>
> # basic configuration
> config setup
>         charondebug="all"
>         uniqueids=yes
>         strictcrlpolicy=no
>
> # connection 1
> conn site1-to-site2
>   authby=secret
>   left=%defaultroute
>   leftid=111.111.111.45
>   leftsubnet=172.16.11.0/24
>   right=222.222.222.210
>   rightsubnet=172.16.15.0/24
>   ike=aes256-sha2_256-modp1024!
>   esp=aes256-sha2_256!
>   keyingtries=0
>   ikelifetime=1h
>   lifetime=8h
>   dpddelay=30
>   dpdtimeout=120
>   dpdaction=restart
>   auto=start
>
> This is the only file where I've defined my site-to-site settings.
>
>
> On 1/13/20 4:36 PM, Felipe Arturo Polanco wrote:
>> Hi,
>>
>> Please also send the content of /etc/ipsec.conf and/or
>> /etc/swanctl.conf, /etc/swanctl/swanctl.conf, the file where you
>> defined your site-to-site settings.
>>
>> On Mon, Jan 13, 2020 at 10:27 AM cristiant at newro.co wrote:
>>
>>     Also the ipsec.conf file
>>
>>     # basic configuration
>>     config setup
>>             charondebug="all"
>>             uniqueids=yes
>>             strictcrlpolicy=no
>>
>>     # connection to paris datacenter
>>     conn totorum-to-camulodunum
>>       authby=secret
>>       left=%defaultroute
>>       leftid=111.111.111.45
>>       leftsubnet=172.16.11.0/24
>>       right=222.222.222.210
>>       rightsubnet=172.16.15.0/24
>>       ike=aes256-sha2_256-modp1024!
>>       esp=aes256-sha2_256!
>>       keyingtries=0
>>       ikelifetime=1h
>>       lifetime=8h
>>       dpddelay=30
>>       dpdtimeout=120
>>       dpdaction=restart
>>       auto=start
>>
>>     On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:
>>>     Hi,
>>>
>>>     Please send us the following information:
>>>
>>>     Strongswan configuration and
>>>     Output of:
>>>     iptables-save
>>>     ip xfrm policy
>>>     ip route show
>>>     ip rule show
>>>     ip address show
>>>
>>>     Thanks,
>>>
>>>
>>>     On Mon, Jan 13, 2020 at 10:13 AM cristiant at newro.co wrote:
>>>
>>>         Hello,
>>>
>>>         I am trying to set up a point-to-point VPN connection
>>>         between two KVM
>>>         hosts running Ubuntu 18.04 LTS.
>>>
>>>         I have been struggling for more than a week to make it work,
>>>         but without success.
>>>
>>>         The tunnel seems to be running but I cannot make the
>>>         connection between
>>>         internal subnets.
>>>
>>>         Can anyone tell me what iptables rules I should set?
>>>
>>>         Thank you!
>>>
>>>         Best regards!
>>>
>>>