That's not an Iptables issue. There is a problem in Strongswan Daemon. I'm suspecting that it's installing some routes in Kernel.

On Sat, Apr 14, 2012 at 10:52 AM, Rajiv Kulkarni <[email protected]> wrote:

> Hi
>
> can you try by disabling iptables on the GW running Strongswan (I am
> assuming that it is a linux machine). Try executing these commands, then
> start ipsec and then send traffic:
>
> root# iptables -F
> root# iptables -F -t nat
> root# ipsec start --- or --- ipsec start --nofork
>
> if above works, then you will need to every time disable/flush iptables or
> you can stop the iptables/fw daemon in the services permanently
>
> hope this helps
> rajiv
>
> On Fri, Apr 13, 2012 at 12:01 AM, SaRaVanAn <[email protected]> wrote:
>
>> Hi all,
>>
>> *Topology*
>> +++++++
>>     eth0             eth0       eth1    VPN tunnel      eth1
>> Pc1 ---------------- -------GW ------------------------------ VPN server
>> 172.31.114.230  172.31.114.231 50.1.1.239                     50.1.1.227
>>
>> I have established a VPN tunnel between GW and VPN server using
>> Strongswan. After I established the tunnel the GW is not reachable from PC1
>> and ping fails. I have seen ARP requests in eth0 of GW, but it's not
>> replying for that. But if the tunnel is not there, ping is working fine.
>> Please find my SPD rules below and let me know the reason for ping getting
>> dropped.
>>
>> 0.0.0.0/0[any] 50.1.1.239[any] any
>>         fwd prio high + 1073739901 ipsec
>>         esp/tunnel/50.1.1.227-50.1.1.239/unique:1
>>         created: Apr 12 00:38:26 2012  lastused:
>>         lifetime: 0(s) validtime: 0(s)
>>         spid=1378 seq=1 pid=23592
>>         refcnt=1
>>
>> 0.0.0.0/0[any] 50.1.1.239[any] any
>>         in prio high + 1073739901 ipsec
>>         esp/tunnel/50.1.1.227-50.1.1.239/unique:1
>>         created: Apr 12 00:38:26 2012  lastused:
>>         lifetime: 0(s) validtime: 0(s)
>>         spid=1368 seq=2 pid=23592
>>         refcnt=1
>>
>> 50.1.1.239[any] 0.0.0.0/0[any] any
>>         out prio high + 1073739901 ipsec
>>         esp/tunnel/50.1.1.239-50.1.1.227/unique:1
>>         created: Apr 12 00:38:26 2012  lastused:
>>         lifetime: 0(s) validtime: 0(s)
>>         spid=1361 seq=3 pid=23592
>>         refcnt=1
>>
>> Regards,
>> Saravanan N
>>
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> https://lists.strongswan.org/mailman/listinfo/users
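
The SPD entries quoted in the thread can be checked mechanically against a given packet. The Python below is an added example, not part of the thread or of strongSwan: `parse_spd` and `matching` are hypothetical helper names, the parser covers only the dump layout shown in the message, and the PC1 and GW addresses are taken as the topology diagram appears to assign them.

```python
import ipaddress
import re

# SPD entries as quoted in the thread (timestamps and counters omitted).
SPD_DUMP = """\
0.0.0.0/0[any] 50.1.1.239[any] any
        fwd prio high + 1073739901 ipsec
        esp/tunnel/50.1.1.227-50.1.1.239/unique:1
0.0.0.0/0[any] 50.1.1.239[any] any
        in prio high + 1073739901 ipsec
        esp/tunnel/50.1.1.227-50.1.1.239/unique:1
50.1.1.239[any] 0.0.0.0/0[any] any
        out prio high + 1073739901 ipsec
        esp/tunnel/50.1.1.239-50.1.1.227/unique:1
"""

# "<src>[port] <dst>[port] <proto>" starts a policy; the indented line
# that follows it carries the direction and the action.
SELECTOR = re.compile(r"^(\S+?)\[\w+\]\s+(\S+?)\[\w+\]\s+(\S+)\s*$")
DIRECTION = re.compile(r"^\s+(in|out|fwd)\b.*\b(ipsec|none|discard)\s*$")


def parse_spd(text):
    """Return one dict per policy: src/dst networks, proto, dir, action."""
    policies, current = [], None
    for line in text.splitlines():
        m = SELECTOR.match(line)
        if m:
            current = {"src": ipaddress.ip_network(m.group(1)),
                       "dst": ipaddress.ip_network(m.group(2)),
                       "proto": m.group(3)}
            policies.append(current)
            continue
        m = DIRECTION.match(line)
        if m and current is not None:
            current["dir"], current["action"] = m.groups()
    return policies


def matching(policies, direction, src, dst):
    """Policies of the given direction whose selectors cover src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [p for p in policies
            if p.get("dir") == direction and s in p["src"] and d in p["dst"]]


if __name__ == "__main__":
    spd = parse_spd(SPD_DUMP)
    # Echo request from PC1 to the GW's eth0 address, then the tunnel peers.
    print(matching(spd, "in", "172.31.114.230", "172.31.114.231"))
    print(matching(spd, "in", "50.1.1.227", "50.1.1.239"))
```
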
