Hi Martin and Andreas, Hi all,
The test scenario is as follows:

Alice (IP: 172.19.2.190, Secondary IP: 192.168.253.68)
    <--------------------------->
moon (as gateway, IP: 172.19.2.118, Secondary IP: 192.168.253.98)
    <============>
carol (IP: 172.19.2.86, Virtual IP: 192.168.253.89)

As above, I have established the IPsec tunnel between moon and carol. Now I
can ping moon from carol with "ping 192.168.253.98" and I can also ping
Alice from moon with "ping 192.168.253.68".
But I cannot ping Alice from carol with "ping 192.168.253.68". Please
tell me what problem occurred, thanks.
The following is the configuration of moon and carol:
++++++++++++++Moon:

config setup
    strictcrlpolicy=no
    plutostart=no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=%forever
    keyexchange=ikev2

conn rw-eapaka
    left=172.19.2.118
    leftsubnet=192.168.253.0/24
    leftid="C=CN, ST=BEIJING, L=BEIJING, O=PICOCHIP, OU=SECURITY, CN=MOON, E= @moon.strongswan.org"
    leftcert=/etc/ipsec.d/certs/moonCert.pem
    leftauth=pubkey
    leftfirewall=yes
    lefthostaccess=yes
    right=%any
    rightid="C=CN, ST=BEIJING, L=BEIJING, O=PICOCHIP, OU=SECURITY, CN=CAROL, [email protected]"
    rightsendcert=never
    rightsourceip=192.168.253.89
    rightauth=eap-aka
    auto=start

++++++++++carol:

config setup
    strictcrlpolicy=no
    plutostart=no
    keep_alive=20m

conn %default
    ike=aes-sha1-modp1024!
    esp=aes-sha1!
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=%forever
    keyexchange=ikev2
    dpdaction=clear
    dpdtimeout=5m
    dpddelay=10

conn FAP1000
    left=172.19.2.86
    leftsourceip=%config
    leftcert=/etc/ipsec.d/certs/carolCert.pem
    leftauth=eap
    right=172.19.2.118
    rightsubnet=0.0.0.0/0
    rightcert=/etc/ipsec.d/certs/moonCert.pem
    rightauth=pubkey
    leftid="C=CN, ST=BEIJING, L=BEIJING, O=PICOCHIP, OU=SECURITY, CN=CAROL, [email protected]"
    rightid="C=CN, ST=BEIJING, L=BEIJING, O=PICOCHIP, OU=SECURITY, CN=MOON, [email protected]"
    auto=add

Best Regards,
David