Hello,
I am a relative newbie with strongSwan but I have successfully gotten it
installed and working on my CentOS Linux box.

I am having a weird issue but I am sure it will be a quick fix when
someone points me in the right direction.

First a brief layout...

Server 1(10.0.2.3)---->10.0.2.0/24 network---->10.0.2.1 sonicwall nsa240
router(static public ip)---internet cloud--------->(also static public ip)
linux box 10.0.3.1-----> 10.0.3.0/24 network ---> Server B (10.0.3.2)

The VPN tunnel is up and running. From server1 I can ping 10.0.3.2 and
10.0.3.1 without any issues. However I cannot ping 10.0.2.3 or 10.0.2.1
from 10.0.3.2.

When I run a tracert from 10.0.3.1 to 10.0.2.1 it appears the traffic is
going out my router interface instead of over the VPN interface.

So my guess as to my problem is I need to add a route so that all traffic
from 10.0.3.0 goes to 10.0.2.0. This is the weird part: I have a firewall
entry already in there for that.

 iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.2.0/24          10.0.3.0/24         policy match
dir in pol ipsec reqid 16385 proto esp
ACCEPT     all  --  10.0.3.0/24          10.0.2.0/24         policy match
dir out pol ipsec reqid 16385 proto esp

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


So I am looking for any advice as to what I could be doing wrong here. I
feel I am 99% there to perfection...


_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
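The post's FORWARD chain is the one thing shown in full, and the question it raises for a reader is whether both IPsec directions are actually accepted between the two subnets. The script below is an added example (not code from the original post and not part of strongSwan): it parses `iptables -L` output, re-joins option text that a mail client has wrapped onto a following line (as happened in the post), and reports which `policy match` directions the FORWARD chain accepts between a local and a remote subnet. The sample text is constructed from the chain in the post; the function and variable names are this example's own.

```python
from ipaddress import ip_network
import re

# Constructed sample input: the FORWARD chain as it appears in the post, with the
# mail client's wrapping that pushes the "policy match" options onto a second line.
# Not captured from a live system.
SAMPLE_IPTABLES_L = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.2.0/24          10.0.3.0/24         policy match
dir in pol ipsec reqid 16385 proto esp
ACCEPT     all  --  10.0.3.0/24          10.0.2.0/24         policy match
dir out pol ipsec reqid 16385 proto esp

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

REQID_RE = re.compile(r"\breqid (\d+)\b")


def _as_network(token):
    """Map the source/destination column to an ip_network ('anywhere' = 0.0.0.0/0)."""
    if token == "anywhere":
        return ip_network("0.0.0.0/0")
    return ip_network(token, strict=False)


def _is_address(token):
    """True if a column looks like the source/destination field of a rule line."""
    try:
        _as_network(token)
        return True
    except ValueError:
        return False


def parse_iptables_list(text):
    """Parse `iptables -L` output into {chain_name: [rule, ...]}.

    A rule is a dict with target, prot, opt, src, dst and options. A line whose
    4th/5th columns are not addresses is treated as the wrapped tail of the
    previous rule's options and appended to it.
    """
    chains = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
            continue
        if line.startswith("target "):
            continue  # column header
        cols = line.split(None, 5)
        if current is not None and len(cols) >= 5 \
                and _is_address(cols[3]) and _is_address(cols[4]):
            chains[current].append({
                "target": cols[0], "prot": cols[1], "opt": cols[2],
                "src": cols[3], "dst": cols[4],
                "options": cols[5] if len(cols) == 6 else "",
            })
        elif current is not None and chains[current]:
            chains[current][-1]["options"] += " " + line  # wrapped continuation
    return chains


def ipsec_forward_coverage(chains, local_net, remote_net):
    """Which IPsec policy-match directions does FORWARD accept between the subnets?

    Returns {"in": reqid, "out": reqid}; a value of None means no matching ACCEPT
    rule exists. "in" is decrypted traffic from remote_net to local_net, "out" is
    traffic from local_net to remote_net that must enter the tunnel.
    """
    local, remote = ip_network(local_net), ip_network(remote_net)
    found = {"in": None, "out": None}
    for rule in chains.get("FORWARD", []):
        opts = rule["options"]
        if rule["target"] != "ACCEPT" or "policy match" not in opts \
                or "pol ipsec" not in opts:
            continue
        src, dst = _as_network(rule["src"]), _as_network(rule["dst"])
        m = REQID_RE.search(opts)
        reqid = int(m.group(1)) if m else "any"
        if "dir in" in opts and remote.subnet_of(src) and local.subnet_of(dst):
            found["in"] = reqid
        if "dir out" in opts and local.subnet_of(src) and remote.subnet_of(dst):
            found["out"] = reqid
    return found


def missing_directions(chains, local_net, remote_net):
    """List the directions ('in'/'out') that have no matching ACCEPT rule."""
    cov = ipsec_forward_coverage(chains, local_net, remote_net)
    return [d for d in ("in", "out") if cov[d] is None]


if __name__ == "__main__":
    chains = parse_iptables_list(SAMPLE_IPTABLES_L)
    print(ipsec_forward_coverage(chains, "10.0.3.0/24", "10.0.2.0/24"))
    print("missing:", missing_directions(chains, "10.0.3.0/24", "10.0.2.0/24"))
```

Run against the chain from the post, the check reports both directions covered by reqid 16385, so the filter rules are not what blocks the return path. These rules only permit forwarding; they do not steer packets. With strongSwan's default policy-based IPsec on Linux there is no VPN interface to route over: packets leave via the normal route and are matched against the kernel's XFRM policies on the way out, which is why a traceroute appears to use the router interface, and why the kernel's IPsec policy and the remote side's selectors, not this chain, are where a missing 10.0.3.0/24 to 10.0.2.0/24 path would show up.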
