Re: [strongSwan] Ping is not working after establishing a tunnel in strongswan

Sat, 14 Apr 2012 10:52:37 -0700 

Hi

can you try by disabling iptables on the GW running Strongswan (iam
assuming that it is a linux machine). Try executing these commands, then
start ipsec and then send traffic:

root# iptables -F
root# iptables -F -t nat
root# ipsec start  --- or --- ipsec start --nofork

if above works, then you will need to everytime disable/flush iptables or
you can stop the iptables/fw daemon in the services permanently

hope this helps
rajiv



On Fri, Apr 13, 2012 at 12:01 AM, SaRaVanAn <[email protected]
> wrote:

> Hi all,
>
> *Topology*
> +++++++
>      eth0                 eth0 eth1      VPN tunnel   eth1
>
> Pc1 ---------------- -------GW  ------------------------------  VPN server
> 172.31.114.230             172.31.114.231 50.1.1.239
> 50.1.1.227
>
> I have established a VPN tunnel between GW and VPN server using
> Strongswan. After I established the tunnel the GW is not reachable from PC1
> and ping fails. I have seen ARP requests in eth0 of GW, but its not
> replying for that. But if the tunnel is not there , ping is working fine.
> Please find my SPD rules below and let me know the reason for ping getting
> dropped.
>
>    0.0.0.0/0[any] <http://0.0.0.0/0%5Bany%5D> 50.1.1.239[any] any
>    fwd prio high + 1073739901 ipsec
>    esp/tunnel/50.1.1.227-50.1.1.239/unique:1
>    created: Apr 12 00:38:26 2012  lastused:
>    lifetime: 0(s) validtime: 0(s)
>    spid=1378 seq=1 pid=23592
>    refcnt=1
>
> 0.0.0.0/0[any] <http://0.0.0.0/0%5Bany%5D> 50.1.1.239[any] any
>    in prio high + 1073739901 ipsec
>    esp/tunnel/50.1.1.227-50.1.1.239/unique:1
>    created: Apr 12 00:38:26 2012  lastused:
>    lifetime: 0(s) validtime: 0(s)
>    spid=1368 seq=2 pid=23592
>    refcnt=1
> 50.1.1.239[any] 0.0.0.0/0[any] <http://0.0.0.0/0%5Bany%5D> any
>    out prio high + 1073739901 ipsec
>    esp/tunnel/50.1.1.239-50.1.1.227/unique:1
>    created: Apr 12 00:38:26 2012  lastused:
>    lifetime: 0(s) validtime: 0(s)
>    spid=1361 seq=3 pid=23592
>    refcnt=1
>
> Regards,
> Saravanan N
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to