[strongSwan] Connecting from CENTOS to Meraki MX100

VTwin Farriers vtwin at cox.net
Wed Jan 19 16:17:11 CET 2022


As much as it is usually bad form to follow up on your own post, I wanted to add this additional bit of info.

if I execute the command:

[root at MyRouter ~]# tcpdump -i ipsec0 -vv -c 5

and "ping 192.168.227.27" from another console, I see:


tcpdump: listening on ipsec0, link-type RAW (Raw IP), capture size 262144 bytes
10:14:49.230332 IP (tos 0x0, ttl 64, id 8701, offset 0, flags [DF], proto ICMP (1), length 84)
MyRouter > 192.168.227.27: ICMP echo request, id 53647, seq 6374, length 64
10:14:50.241077 IP (tos 0x0, ttl 64, id 9655, offset 0, flags [DF], proto ICMP (1), length 84)
MyRouter > 192.168.227.27: ICMP echo request, id 53647, seq 6375, length 64
10:14:51.265054 IP (tos 0x0, ttl 64, id 10137, offset 0, flags [DF], proto ICMP (1), length 84)
MyRouter > 192.168.227.27: ICMP echo request, id 53647, seq 6376, length 64
10:14:52.289083 IP (tos 0x0, ttl 64, id 10671, offset 0, flags [DF], proto ICMP (1), length 84)
MyRouter > 192.168.227.27: ICMP echo request, id 53647, seq 6377, length 64
10:14:53.313041 IP (tos 0x0, ttl 64, id 11115, offset 0, flags [DF], proto ICMP (1), length 84)
MyRouter > 192.168.227.27: ICMP echo request, id 53647, seq 6378, length 64
5 packets captured
5 packets received by filter
0 packets dropped by kernel


So it appears packets are being correctly routed over the tunnel.


Is it safe to say the problem is likely on the Meraki end at this point, where they do not have a proper route installed or their firewall is not configured correctly?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220119/8773926c/attachment.html>


More information about the Users mailing list