have idea?
发自我的 iPhone > 在 2015年6月12日,16:54,zhuyj <[email protected]> 写道: > > Hi, all > > I configured 4 vmare hosts. The hosts are ubuntu14.04. The gateway moon does > not forward icmp packets. > > The network topology is as below. > > 10.1.0.10 <---->10.1.0.1 (moon) 192.168.0.1<----->192.168.0.2 (sun) > 10.2.0.1<---->10.2.0.10 > > strongswan is 5.3.0. > > On moon > /usr/local/etc/ipsec.conf is as below: > > config setup > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > authby=secret > keyexchange=ikev2 > mobike=no > > conn net-net > left=192.168.0.1 > leftsubnet=10.1.0.0/16 ---->0.0.0.0/0 > [email protected] > leftfirewall=yes > right=192.168.0.2 > rightsubnet=10.2.0.0/16 ---->0.0.0.0/0 > [email protected] > auto=add > /usr/local/etc/ipsec.secrets is as below: > > : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx > > On Sun > /usr/local/etc/ipsec.conf is as below: > config setup > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > authby=secret > keyexchange=ikev2 > mobike=no > > conn net-net > left=192.168.0.2 > leftsubnet=10.2.0.0/16 ----->0.0.0.0/0 > [email protected] > leftfirewall=yes > right=192.168.0.1 > rightsubnet=10.1.0.0/16 ----->0.0.0.0/0 > [email protected] > auto=add > > > /usr/local/etc/ipsec.secrets is as below: > > : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx > > Others remain unchanged. > > In the above ipsec.conf file, if I use right/leftsubnet with 0.0.0.0/0, the > whole system can not work well. > If I use right/leftsubnet with 10.1 or 2.0.0/16, the whole system can work > well. > > Does any one have the similar experience? > > Anyone has idea? > > Any reply is appreciated. > > Thanks a lot. > Zhu Yanjun > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
