On DigitalOcean default via 162.243.9.1 dev eth0 metric 100 10.128.0.0/16 dev eth1 proto kernel scope link src 10.128.120.160 162.243.9.0/24 dev eth0 proto kernel scope link src 162.243.9.250
On BeagleBone default via 192.168.250.50 dev eth0 192.168.7.0/30 dev usb0 proto kernel scope link src 192.168.7.2 192.168.250.0/24 dev eth0 proto kernel scope link src 192.168.250.60 Thank you, Joe On 2014-07-29 13:36, Vyronas Tsingaras wrote:
Please post the output of ip route show On 29 July 2014 23:24:33 EEST, Joe Ryan <[email protected]> wrote:Hello Everyone, I have a DigitalOcean VPS running Ubuntu 12.04 that I want to connect to with a BeagleBone running Debian so that I can access all of the devices on the same subnet as the BeagleBone, and not have to worry about an IT department opening ports. I have tried this with both StrongSwan 4.5.2 and 5.2.0 and have the same result, so I'm sure it's my configuration. After bringing up the the connection everything negotiates as expected, and the final line of ipsec status all is machinetun{1}: 10.128.0.0/16 [1] === 192.168.250.0/24 [2] where machinetun is the connection 10.128.0.0/16 [1] is a private network on DigitalOcean and the 192.168.250.0/24 [2] is a private network on my machine. My logs show the CHILD_SA being established and rekeyed as expe! cted, with keep alive packets going out frequently, and nothing to suggest a problem. At this point I would hope that I would be able to ping the gateway on my machine, 192.168.250.60 [3] from the DigitalOcean VPS private IP address using one of the following: #ping the BeagleBone gateway from DO ping 192.168.250.60 [3] #ping the BeagleBone gateway with an interface on the DO private network ping -I 10.128.120.160 [4] 192.168.250.60 [3] But get no results in this direction or the reverse. I also have net.ipv4.ip_forward 1 on both machines. My configurations are below, and I hope someone might have a good idea what direction I can look to in to figure out what I've done wrong. # BeagleBone Conf config setup strictcrlpolicy=no ! charondebug=1 conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=%forever keyexchange=ikev2 left=%any leftcert=beagleCert.der [email protected] lefthostaccess=yes leftfirewall=yes conn machinetun leftsourceip=%config leftsubnet=192.168.250.0/24 [2] right=hostname.com [5] [email protected] rightsubnet=10.128.0.0/16 [1] auto=start # DigitalOcean Conf config setup strictcrlpolicy=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 keyexchange=ikev2 left=%any leftcert=svCert.! der /> [email protected] lefthostaccess=yes leftfirewall=yes conn machinetun leftsubnet=10.128.0.0/16 [1] right=%any rightsubnet=192.168.250.0/24 [2] [email protected] rightsourceip=10.128.0.50 [6] auto=add Thank you, Joe ------------------------- Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users [7]-- Sent from my Android device with K-9 Mail. Please excuse my brevity. Links: ------ [1] http://10.128.0.0/16 [2] http://192.168.250.0/24 [3] http://192.168.250.60 [4] http://10.128.120.160 [5] http://hostname.com [6] http://10.128.0.50 [7] https://lists.strongswan.org/mailman/listinfo/users
-- Joe Ryan aphyt - open source tools for industrial automation [email protected] _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
