The problem has been fixed by replacing the IPSec kernel module of the stock kernel. It seems that Online.net's stock kernel will cause a problem on establishing IPSec kernel.
On Fri, Aug 4, 2017 at 6:46 PM Yongsheng Xie <[email protected]> wrote: > Hello, > > Recently I am encountered with a weird problem. I have a Fedora 26 server > as virtualization host, running VMs on a Linux logical network (the > left-hand side). I've also set up a CentOS 7.3 VM on Google Cloud Platform > (the right-hand side) for establishing the IPSec tunnel. > > After the tunnel established, I can ping the VM in 10.150.0.0/24 from any > GCE instances on 10.120.0.0/16, even ssh into VM from GCE instances. > What's really weird is that I cannot ping or establish connection to any > hosts on GCE VPC from the hosts on network 10.150.0.0/24. I tried using > tcpdump to capture packets flowing through IPSec tunnel, but I can't see > any packets routed from 10.150.0.0/24 to 10.120.0.0/16. > > Could you help me debugging this problem? > > Following is setup information of my servers: > > *The setup of left-hand side:* > OS: Fedora 26 > Libreswan version: 3.18 > Configuration: > conn cdg-tpe > left=X.X.X.X > leftsubnet=10.150.0.0/24 > right=Y.Y.Y.Y # The external IP of the GCE instance > rightid=10.120.0.2 > rightsubnet=10.120.0.0/16 > auto=start > authby=secret > > *The setup of right-hand side:* > OS: CentOS 7.3 > Libreswan version: 3.15 > Configuration: > conn tpe-cdg > left=10.120.0.2 > leftsubnet=10.120.0.0/16 > right=X.X.X.X > rightsubnet=10.150.0.0/24 > auto=start > authby=secret > > > Thanks, > Yongsheng Xie >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
