[strongSwan] IPtables settings

Felipe Arturo Polanco felipeapolanco at gmail.com
Tue Jan 14 16:38:26 CET 2020


Those settings look good, please send this output:

$ sysctl -a | grep -e "forwarding"

On Tue, Jan 14, 2020 at 4:08 AM cristiant at newro.co <cristiant at newro.co>
wrote:

> Hi.
>
> Please, can anyone give some advice?
>
> Thank you!
> On 1/13/20 4:41 PM, cristiant at newro.co wrote:
>
> /etc/ipsec.conf
>
> # basic configuration
> config setup
>         charondebug="all"
>         uniqueids=yes
>         strictcrlpolicy=no
>
> # connection 1
> conn site1-to-site2
>   authby=secret
>   left=%defaultroute
>   leftid=111.111.111.45
>   leftsubnet=172.16.11.0/24
>   right=222.222.222.210
>   rightsubnet=172.16.15.0/24
>   ike=aes256-sha2_256-modp1024!
>   esp=aes256-sha2_256!
>   keyingtries=0
>   ikelifetime=1h
>   lifetime=8h
>   dpddelay=30
>   dpdtimeout=120
>   dpdaction=restart
>   auto=start
>
> This is the only file where I've defined my site-to-site settings.
>
>
> On 1/13/20 4:36 PM, Felipe Arturo Polanco wrote:
>
> Hi,
>
> Please also send the content of /etc/ipsec.conf and/or /etc/swanctl.conf ,
> /etc/swanctl/swanctl.conf , the file where you defined your site-to-site
> settings.
>
> On Mon, Jan 13, 2020 at 10:27 AM cristiant at newro.co <cristiant at newro.co>
> wrote:
>
>> Also the ipsec.conf file
>>
>> # basic configuration
>> config setup
>>         charondebug="all"
>>         uniqueids=yes
>>         strictcrlpolicy=no
>>
>> # connection to paris datacenter
>> conn totorum-to-camulodunum
>>   authby=secret
>>   left=%defaultroute
>>   leftid=111.111.111.45
>>   leftsubnet=172.16.11.0/24
>>   right=222.222.222.210
>>   rightsubnet=172.16.15.0/24
>>   ike=aes256-sha2_256-modp1024!
>>   esp=aes256-sha2_256!
>>   keyingtries=0
>>   ikelifetime=1h
>>   lifetime=8h
>>   dpddelay=30
>>   dpdtimeout=120
>>   dpdaction=restart
>>   auto=start
>>
>> On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:
>>
>> Hi,
>>
>> Please send us the following information:
>>
>> Strongswan configuration and
>> Output of:
>> iptables-save
>> ip xfrm policy
>> ip route show
>> ip rule show
>> ip address show
>>
>> Thanks,
>>
>>
>> On Mon, Jan 13, 2020 at 10:13 AM cristiant at newro.co <cristiant at newro.co>
>> wrote:
>>
>>> Hello,
>>>
>>> I am trying to set up a point-to-point VPN connection between two KVM
>>> hosts running Ubuntu 18.04 LTS.
>>>
>>> I have been struggling for more than a week to make it work, but without success.
>>>
>>> The tunnel seems to be running but I cannot make the connection between
>>> internal subnets.
>>>
>>> Can anyone tell me what iptables rules I should set?
>>>
>>> Thank you!
>>>
>>> Best regards!
>>>
>>>
>>>
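
Added example, not part of the original thread: one way to read the output of the `sysctl -a | grep -e "forwarding"` command requested at the top of this message, listing the IPv4 forwarding keys that are set to 0 (a gateway routing between the two subnets needs IPv4 forwarding enabled). The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect `sysctl -a | grep -e "forwarding"` output.
# ipv4_forwarding_disabled and gateway_forwarding_ok are hypothetical helpers.

# Read sysctl lines on stdin and print every IPv4 unicast forwarding key
# whose value is 0. Multicast (mc_forwarding) and IPv6 keys are ignored.
ipv4_forwarding_disabled() {
    awk -F' *= *' '
        $1 ~ /^net\.ipv4\.conf\..*\.forwarding$/ && $2 == "0" { print $1 }
    '
}

# Return 0 when net.ipv4.conf.all.forwarding is 1 in the lines on stdin,
# 1 when it is 0 or missing. This key mirrors net.ipv4.ip_forward, which
# does not itself match the "forwarding" grep pattern.
gateway_forwarding_ok() {
    awk -F' *= *' '
        $1 == "net.ipv4.conf.all.forwarding" { found = ($2 == "1") }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample output, not taken from the thread.
SAMPLE_OUTPUT='net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.virbr0.forwarding = 0
net.ipv6.conf.all.forwarding = 0'

# Demo on the constructed sample; on a live host pipe the real command in:
#   sysctl -a 2>/dev/null | grep -e "forwarding" | ipv4_forwarding_disabled
printf '%s\n' "$SAMPLE_OUTPUT" | ipv4_forwarding_disabled
if printf '%s\n' "$SAMPLE_OUTPUT" | gateway_forwarding_ok; then
    echo "IPv4 forwarding is enabled globally"
else
    echo "IPv4 forwarding is disabled globally"
fi
```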