Please post the output of
ip route show
On 29 July 2014 23:24:33 EEST, Joe Ryan <[email protected]> wrote:
>Hello Everyone,
>
>I have a DigitalOcean VPS running Ubuntu 12.04 that I want to connect
>to
>with a BeagleBone running Debian so that I can access all of the
>devices
>on the same subnet as the BeagleBone, and not have to worry about an IT
>
>department opening ports. I have tried this with both StrongSwan 4.5.2
>and 5.2.0 and have the same result, so I'm sure it's my configuration.
>After bringing up the the connection everything negotiates as expected,
>
>and the final line of ipsec status all is machinetun{1}:
>10.128.0.0/16
>=== 192.168.250.0/24 where machinetun is the connection 10.128.0.0/16
>is
>a private network on DigitalOcean and the 192.168.250.0/24 is a private
>
>network on my machine. My logs show the CHILD_SA being established and
>rekeyed as expected, with keep alive packets going out frequently, and
>nothing to suggest a problem.
>
>At this point I would hope that I would be able to ping the gateway on
>my machine, 192.168.250.60 from the DigitalOcean VPS private IP address
>
>using one of the following:
>
>#ping the BeagleBone gateway from DO
>ping 192.168.250.60
>#ping the BeagleBone gateway with an interface on the DO private
>network
>ping -I 10.128.120.160 192.168.250.60
>
>But get no results in this direction or the reverse.
>
>I also have net.ipv4.ip_forward 1 on both machines.
>
>My configurations are below, and I hope someone might have a good idea
>what direction I can look to in to figure out what I've done wrong.
>
># BeagleBone Conf
>config setup
> strictcrlpolicy=no
> charondebug=1
>conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=%forever
> keyexchange=ikev2
> left=%any
> leftcert=beagleCert.der
> [email protected]
> lefthostaccess=yes
> leftfirewall=yes
>
>conn machinetun
> leftsourceip=%config
> leftsubnet=192.168.250.0/24
> right=hostname.com
> [email protected]
> rightsubnet=10.128.0.0/16
> auto=start
>
># DigitalOcean Conf
>config setup
> strictcrlpolicy=no
>conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev2
> left=%any
> leftcert=svCert.der
> [email protected]
> lefthostaccess=yes
> leftfirewall=yes
>
>conn machinetun
> leftsubnet=10.128.0.0/16
> right=%any
> rightsubnet=192.168.250.0/24
> [email protected]
> rightsourceip=10.128.0.50
> auto=add
>
>Thank you,
>Joe
>_______________________________________________
>Users mailing list
>[email protected]
>https://lists.strongswan.org/mailman/listinfo/users
--
Sent from my Android device with K-9 Mail. Please excuse my brevity._______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
