SIf you want to trigger the tunnel setup by payload packets then you must define
auto=route Regards Andreas Svend Høst wrote:
Hi
I've made a router out of a epia sn board, and it really performes well (80
mbit iperf over vpn).
But it seems to me that the tunnel dosn't start automaticly ?
But if i @work du a ipsec up net-net-svende then the tunnel builds fine, but
i can't ping from my lan pc and trigger the tunnel.
can it be something with my iptables ?
with kind regards
Svend
@home :
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn net-net-pallas
left=%defaultroute
leftsubnet=left_lan_subnet <http://172.17.14.0/24>
leftid=left_wan_ip
leftfirewall=yes
leftsourceip=left_lan_gateway
right=right_wan_ip
rightsubnet=right_lan_subnet/24
rightid=right_wan_ip
auto=add
type=tunnel
include /var/lib/strongswan/ipsec.conf.inc
@work :
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
plutostart=no
interfaces="ipsec0=eth0"
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn net-net-svende
left=%defaultroute
leftsubnet=left_lan_subnet/24 <http://193.163.101.0/24>
leftid=left_wan_ip
leftfirewall=yes
leftsourceip=left_lan_gateway
right=right_wan_ip
rightsubnet= <http://172.17.14.0/24>right_lan_subnet
rightid=right_wan_ip
auto=add
type=tunnel
====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
