Hello Jose,

Is there a firewall active on either of the hosts? Do the traffic counters, 
which are shown in the output of "ipsec statusall", increment?

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 29.07.2014 at 22:24, Joe Ryan wrote:
> Hello Everyone,
>
> I have a DigitalOcean VPS running Ubuntu 12.04 that I want to connect to with 
> a BeagleBone running Debian so that I can access all of the devices on the 
> same subnet as the BeagleBone, and not have to worry about an IT department 
> opening ports. I have tried this with both StrongSwan 4.5.2 and 5.2.0 and 
> have the same result, so I'm sure it's my configuration. After bringing up 
> the connection everything negotiates as expected, and the final line of 
> ipsec status all is machinetun{1}:   10.128.0.0/16 === 192.168.250.0/24 where 
> machinetun is the connection 10.128.0.0/16 is a private network on 
> DigitalOcean and the 192.168.250.0/24 is a private network on my machine. My 
> logs show the CHILD_SA being established and rekeyed as expected, with keep 
> alive packets going out frequently, and nothing to suggest a problem.
>
> At this point I would hope that I would be able to ping the gateway on my 
> machine, 192.168.250.60 from the DigitalOcean VPS private IP address using 
> one of the following:
>
> #ping the BeagleBone gateway from DO
> ping 192.168.250.60
> #ping the BeagleBone gateway with an interface on the DO private network
> ping -I 10.128.120.160 192.168.250.60
>
> But get no results in this direction or the reverse.
>
> I also have net.ipv4.ip_forward 1 on both machines.
>
> My configurations are below, and I hope someone might have a good idea what 
> direction I can look in to figure out what I've done wrong.
>
> # BeagleBone Conf
> config setup
>         strictcrlpolicy=no
>         charondebug=1
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=%forever
>         keyexchange=ikev2
>         left=%any
>         leftcert=beagleCert.der
>         [email protected]
>         lefthostaccess=yes
>         leftfirewall=yes
>
> conn machinetun
>         leftsourceip=%config
>         leftsubnet=192.168.250.0/24
>         right=hostname.com
>         [email protected]
>         rightsubnet=10.128.0.0/16
>         auto=start
>
> # DigitalOcean Conf
> config setup
>         strictcrlpolicy=no
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ikev2
>         left=%any
>         leftcert=svCert.der
>         [email protected]
>         lefthostaccess=yes
>         leftfirewall=yes
>
> conn machinetun
>         leftsubnet=10.128.0.0/16
>         right=%any
>         rightsubnet=192.168.250.0/24
>         [email protected]
>         rightsourceip=10.128.0.50
>         auto=add
>
> Thank you,
> Joe
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users

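The counter check asked about in the reply, as an added example (not part of the original thread and not strongSwan project code): it pulls `bytes_i`/`bytes_o` for one CHILD_SA out of `ipsec statusall` text and compares two readings taken while a ping is running. The function names, the sample counter line (constructed in the style strongSwan 5.x prints) and the verdict labels are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of two CHILD_SA lines; the counter values are invented,
# the connection name and subnets are the ones quoted in the thread.
sample_statusall() {
cat <<'EOF'
  machinetun{1}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 420 bytes_o (5 pkts, 2s ago), rekeying in 12 minutes
  machinetun{1}:   10.128.0.0/16 === 192.168.250.0/24
EOF
}

# Print "<bytes_i> <bytes_o>" for CHILD_SA $1, reading statusall text on stdin.
# Live use (hypothetical wrapper): ipsec statusall | child_sa_counters machinetun
child_sa_counters() {
    sed -n "s/^ *$1{[0-9]*}:.* \([0-9][0-9]*\) bytes_i.* \([0-9][0-9]*\) bytes_o.*/\1 \2/p" |
        head -n 1
}

# Compare two readings taken a few seconds apart while pinging across the tunnel.
# Args: in_before out_before in_after out_after
diagnose() {
    din=$(( $3 - $1 ))
    dout=$(( $4 - $2 ))
    if [ "$din" -eq 0 ] && [ "$dout" -eq 0 ]; then
        # Nothing hit the SA: check source address, routing and the local firewall.
        echo "no-traffic-matched"
    elif [ "$din" -eq 0 ]; then
        # Packets are encrypted and sent, nothing comes back: check the peer's
        # firewall/forwarding and whether ESP or UDP 4500 is filtered on the path.
        echo "outbound-only"
    elif [ "$dout" -eq 0 ]; then
        # The peer's packets arrive but replies never enter the tunnel locally.
        echo "inbound-only"
    else
        # The tunnel carries traffic both ways; look behind the gateways instead.
        echo "both-directions"
    fi
}

# Demo: first reading from the sample, second reading assumed to be "0 840".
before=$(sample_statusall | child_sa_counters machinetun)
diagnose $before 0 840
```
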
