Re: [strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-15 Thread karthik kumar
Thanks for your response. I did fix that by changing to 0.0.0.0/0.

On Thu, Feb 15, 2018 at 2:50 PM, Tobias Brunner wrote:

> Hi Karthik,
>
> > CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS 10.244.15.1/32 === 0.0.0.0/32
>
> This remote traffic selector (0.0.0.0/32) doesn't look right.  This
> should probably be 0.0.0.0/0.  Since your client config looks OK, check
> how the server is configured.
>
> Regards,
> Tobias
>


Re: [strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-15 Thread Tobias Brunner
Hi Karthik,

> CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS 
> 10.244.15.1/32 === 0.0.0.0/32

This remote traffic selector (0.0.0.0/32) doesn't look right.  This
should probably be 0.0.0.0/0.  Since your client config looks OK, check
how the server is configured.

Regards,
Tobias
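
The check Tobias describes, as an added example that is not part of the thread: it parses `CHILD_SA ... TS local === remote` log lines and reports which destinations the negotiated remote traffic selector would actually carry. The second log line (its name and SPIs), the probe address 192.0.2.1 and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: the first line is the CHILD_SA line quoted in the thread;
# the second (name and SPIs made up) shows the selector Tobias suggests.
SAMPLE_LOG = """\
CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS 10.244.15.1/32 === 0.0.0.0/32
CHILD_SA vpn{3} established with SPIs 11111111_i 22222222_o and TS 10.244.15.1/32 === 0.0.0.0/0
"""
# Destinations to test: the two DNS servers from the thread plus a documentation address.
PROBES = ["10.245.250.251", "10.245.250.227", "192.0.2.1"]

TS_LINE = re.compile(r"CHILD_SA (\S+) established with SPIs \S+ \S+ and TS (.+?) === (.+)$")


def parse_selectors(field):
    """Turn 'a.b.c.d/n [more ...]' into networks, dropping any [proto/port] suffix."""
    return [ipaddress.ip_network(s.split("[")[0], strict=False) for s in field.split()]


def audit(log, probes):
    """For each CHILD_SA line, report remote selectors that look wrong and
    which probe destinations the negotiated policy would not carry."""
    results = []
    for line in log.splitlines():
        m = TS_LINE.search(line)
        if not m:
            continue
        remote = parse_selectors(m.group(3))
        # 0.0.0.0 or :: with a non-zero prefix is almost never intended:
        # it was probably meant as "everything" (/0).
        suspicious = [str(n) for n in remote
                      if n.network_address.is_unspecified and n.prefixlen != 0]
        uncovered = [p for p in probes
                     if not any(ipaddress.ip_address(p) in n for n in remote)]
        results.append({"child_sa": m.group(1), "remote_ts": [str(n) for n in remote],
                        "suspicious": suspicious, "uncovered": uncovered})
    return results


if __name__ == "__main__":
    for r in audit(SAMPLE_LOG, PROBES):
        print(r["child_sa"], "remote TS:", ", ".join(r["remote_ts"]))
        print("  suspicious selectors:", r["suspicious"] or "none")
        print("  destinations outside the tunnel policy:", r["uncovered"] or "none")
```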


[strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-13 Thread karthik kumar
Hi,
  I have a successful connection from my Sierra Mac using strongswan-5.6.1 to
our VPN server.

$ sudo ipsec up  vpn
Password:
initiating IKE_SA vpn[2] to 
...
installing 10.245.250.251 as DNS server
installing 10.245.250.227 as DNS server
installing new virtual IP 10.244.15.1
created TUN device: utun2
CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS 10.244.15.1/32 === 0.0.0.0/32
connection 'vpn' established successfully

$ ifconfig utun2
utun2: flags=8051 mtu 1500
options=6403
inet 10.244.15.1 --> 10.244.15.1 netmask 0xff00

But no traffic is flowing; I can't reach hosts/internet. Actually, I am not
able to ping the VIP itself.

$ ping 10.244.15.1
PING 10.244.15.1 (10.244.15.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 10.244.15.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

Initiator configuration:

config setup

conn %default
    compress=yes
    ikelifetime=20h
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn vpn
    left=%any
    leftid=kart...@altiscale.com
    rightid=@vpn02.rt1.altiscale.com
    rightauth=pubkey
    leftsourceip=%config
    rightsubnet=0.0.0.0/0
    auto=add
    ike=aes256-sha512-modp4096!
    esp=aes128-sha512!

The same configs work well on a Linux initiator.

Any suggestions, please? Please let me know if you need more info.

Thanks