Hi,

I've noticed that "ping" works after the first "rekeying"...
Forcing permanent rekeying with margintime=59 made it work immediately, but this floods the log and doesn't seem to be the intended way to do it.

Any hint as to what I did wrong?

Thx
Sascha



Quoting [email protected]:

OK, that makes sense. But replies to pings don't reach the source, either. So it seems that something is wrong with "routing"?

I really don't have a clue what to debug to find out what's going wrong.

Greets
Sascha

Quoting Andreas Steffen <[email protected]>:

Hi Sascha,

due to the Linux netfilter architecture tcpdump running on an IPsec
endpoint shows you only the inbound decrypted plaintext but never the
outbound plaintext IP packets. Does tcpdump show outbound encrypted
ESP packets?

Regards

Andreas

On 01/22/2015 12:30 PM, [email protected] wrote:

Hi,

I've built a connection between a FRITZ!Box and a strongSwan server. On
the virtual server where strongSwan is located I've added a virtual
interface and configured the ip 192.168.0.10/24 on it.

Now I'm trying to ping each side of the vpn with no luck.

On the serverside (strongSwan) I can see the incoming icmp requests, but
cannot see an answer:

tcpdump -i eth0 dst host 192.168.0.10 or src host 192.168.0.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:25:44.421577 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3537, length 64
12:25:45.421483 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3538, length 64
12:25:46.425221 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3539, length 64

My ipsec.conf:

conn fritzbox
       aggressive=no
       keyingtries=0
       type=tunnel
       # local side: public address, protected subnet, netfilter rules
       left=<strongSwan public ip>
       leftsubnet=192.168.0.0/24
       leftfirewall=yes
       lefthostaccess=yes
       leftnexthop=%defaultroute
       #
       # IKE and ESP proposals ("sha" is the sha1 alias)
       ike=aes256-sha-modp1024
       esp=aes256-sha1-modp1024
       #
       # remote side: FRITZ!Box by hostname, its LAN behind it
       right=<hostname of fritzbox>
       rightid=@<hostname of fritzbox>
       rightsubnet=192.168.2.0/24
       #
       ikelifetime=4h
       keylife=1h
       #
       authby=secret
       auto=add

Starting strongSwan gives me the following last line:
Jan 22 12:27:44 linux vpn: + <hostname of fritzbox> 192.168.2.0/24 == <fritzbox public ip> -- <strongSwan public ip> == 192.168.0.0/24

"route" shows me:
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0

Any hints as to what I did wrong or where I have to tweak the settings?

Greets
Sascha
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

--
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




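As an added example (not from this thread and not strongSwan's own tooling), the following Python script applies the point Andreas makes above: on a Linux IPsec endpoint, tcpdump on eth0 shows the decrypted inbound plaintext but never the outbound plaintext, so the question to ask is "does outbound ESP leave for the peer?" rather than "do I see echo replies?". The filter used in the original post (dst host 192.168.0.10 or src host 192.168.0.10) can never show ESP, because the outer addresses of ESP packets are the public ones. The script assumes a capture taken with tcpdump -ni eth0 'icmp or esp', and the capture lines, the public addresses (203.0.113.5 for strongSwan, 198.51.100.7 for the FRITZ!Box, both from documentation ranges) and the function names are constructed for this example.

```python
"""Classify tcpdump -n lines from a Linux IPsec endpoint and explain what is missing.

Linux XFRM decrypts inbound ESP before the packet reaches the tap tcpdump
uses, so eth0 shows BOTH the inbound ESP and the decrypted inner packet.
Outbound plaintext is encrypted before it reaches eth0, so it only ever
shows up as ESP to the peer.  (Example code, not strongSwan's.)
"""
import ipaddress
import re

# tcpdump -n line shapes: "... IP a > b: ICMP echo request, id N, seq M, length L"
#                         "... IP a > b: ESP(spi=0x...,seq=0x...), length L"
ICMP_RE = re.compile(r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply),")
ESP_RE = re.compile(r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ESP\(spi=0x[0-9a-f]+,seq=0x[0-9a-f]+\)")


def classify(line, local_public, peer_public, local_net):
    """Return esp_in, esp_out, icmp_req_in, icmp_reply_out or other for one capture line."""
    m = ESP_RE.match(line)
    if m:
        if m["src"] == peer_public and m["dst"] == local_public:
            return "esp_in"
        if m["src"] == local_public and m["dst"] == peer_public:
            return "esp_out"
        return "other"
    m = ICMP_RE.match(line)
    if m:
        src_local = ipaddress.ip_address(m["src"]) in local_net
        dst_local = ipaddress.ip_address(m["dst"]) in local_net
        if m["kind"] == "request" and dst_local and not src_local:
            return "icmp_req_in"          # decrypted inbound plaintext
        if m["kind"] == "reply" and src_local and not dst_local:
            return "icmp_reply_out"       # must never appear: plaintext bypassing IPsec
    return "other"


def diagnose(lines, local_public, peer_public, local_subnet):
    """Count the interesting packet classes and return (counts, verdict)."""
    net = ipaddress.ip_network(local_subnet)
    counts = {k: 0 for k in ("esp_in", "esp_out", "icmp_req_in", "icmp_reply_out", "other")}
    for line in lines:
        counts[classify(line, local_public, peer_public, net)] += 1
    if counts["icmp_reply_out"]:
        verdict = "plaintext replies leave eth0 in the clear: no outbound IPsec policy matched them"
    elif counts["icmp_req_in"] == 0:
        verdict = "no decrypted inbound requests: the inbound SA/policy is not delivering traffic"
    elif counts["esp_out"] == 0:
        verdict = ("requests arrive but no ESP leaves for the peer: the reply never enters the "
                   "tunnel, check 'ip xfrm policy', the route to the remote subnet and the firewall")
    elif counts["esp_out"] < counts["icmp_req_in"]:
        verdict = "only some replies are encrypted: compare SPIs and look for rekeying gaps"
    else:
        verdict = "replies leave as ESP: the problem is on the peer or the path, not this host"
    return counts, verdict


# Constructed captures (tcpdump -n format), not taken from the original thread.
BROKEN_CAPTURE = """\
12:25:44.421401 IP 198.51.100.7 > 203.0.113.5: ESP(spi=0xc1a2b3c4,seq=0x3f1), length 136
12:25:44.421577 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3537, length 64
12:25:45.421311 IP 198.51.100.7 > 203.0.113.5: ESP(spi=0xc1a2b3c4,seq=0x3f2), length 136
12:25:45.421483 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3538, length 64
12:25:46.425003 IP 198.51.100.7 > 203.0.113.5: ESP(spi=0xc1a2b3c4,seq=0x3f3), length 136
12:25:46.425221 IP 192.168.2.4 > 192.168.0.10: ICMP echo request, id 10277, seq 3539, length 64
""".splitlines()

HEALTHY_CAPTURE = BROKEN_CAPTURE + """\
12:25:44.421700 IP 203.0.113.5 > 198.51.100.7: ESP(spi=0xd4e5f601,seq=0x1a), length 136
12:25:45.421600 IP 203.0.113.5 > 198.51.100.7: ESP(spi=0xd4e5f601,seq=0x1b), length 136
12:25:46.425400 IP 203.0.113.5 > 198.51.100.7: ESP(spi=0xd4e5f601,seq=0x1c), length 136
""".splitlines()

LEAK_CAPTURE = BROKEN_CAPTURE + [
    "12:25:44.421700 IP 192.168.0.10 > 192.168.2.4: ICMP echo reply, id 10277, seq 3537, length 64",
]

if __name__ == "__main__":
    for name, cap in (("broken", BROKEN_CAPTURE), ("healthy", HEALTHY_CAPTURE), ("leak", LEAK_CAPTURE)):
        counts, verdict = diagnose(cap, "203.0.113.5", "198.51.100.7", "192.168.0.0/24")
        print(f"{name}: {counts} -> {verdict}")
```

The same answer without tcpdump comes from the kernel's own counters: 'ip -s xfrm state' shows per-SA packet and byte counts in each direction, and 'ip xfrm policy' shows whether an outbound policy for 192.168.0.0/24 to 192.168.2.0/24 was installed at all. A plaintext reply on eth0 (the "leak" case) is the one result that should be treated as urgent, since it means the reply is going out the default route unencrypted.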