So, my celebration was a bit short-lived. Alice and Bob cannot ping each other. :-\ I've been trying to solve this on my own because I do not want to continue to bother everyone on this mailing list... but I have not been able to figure out what the problem is.

Quick review of my setup. I have implemented the example located here: https://www.strongswan.org/uml/testresults/ikev2/net2net-psk/ using two Gateworks 5300s running OpenWRT Chaos Calmer (14.08). They have strongSwan U5.2.0/K3.14.16. Here is how my interfaces are configured: http://paste.ubuntu.com/14769187/

With the previous fix the net-net connection comes up and the tunnel is established, as can be seen by the output of 'ipsec statusall': http://paste.ubuntu.com/14768915/

Alice (10.1.0.10) can ping Moon (10.1.0.1) & Sun (10.2.0.1) but not Bob (10.2.0.10).
Bob (10.2.0.10) can ping Sun (10.2.0.1) & Moon (10.1.0.1) but not Alice (10.1.0.10).

Since Alice (10.1.0.10) can ping Sun (10.2.0.1) but not Bob (10.2.0.10), I am assuming what is happening is that the eth1 interface on Sun (10.2.0.1) is not forwarding the packets from Alice (10.1.0.10) on to Bob (10.2.0.10). After googling the issue some I added the following lines to /etc/firewall.user: http://paste.ubuntu.com/14769548/ But this does not fix the problem. Alice cannot ping Bob :-\

The following is the output of 'iptables -L': http://paste.ubuntu.com/14769773/ So, I believe that means the firewall settings are working.

After a bit more searching I added the following lines to my firewall.user:

Moon
--------
iptables -I FORWARD -i eth0 -s 10.2.0.0/16 -d 10.1.0.0/16 -m policy --dir in --pol ipsec -j ACCEPT
iptables -I FORWARD -s 10.1.0.0/16 -d 10.2.0.0/16 -m policy --dir out --pol ipsec -j ACCEPT

Sun
-----
iptables -I FORWARD -i eth0 -s 10.1.0.0/16 -d 10.2.0.0/16 -m policy --dir in --pol ipsec -j ACCEPT
iptables -I FORWARD -s 10.2.0.0/16 -d 10.1.0.0/16 -m policy --dir out --pol ipsec -j ACCEPT

but this also did not fix the problem and Alice and Bob still cannot ping each other.

When I type 'ip route list table 220' on moon the output I get is "10.2.0.0/16 via 192.168.0.2 dev eth0 proto static src 10.1.0.1", which I believe means it should route all traffic bound for 10.2.x.x through the tunnel.... I believe it is happening since Alice (10.1.0.10) can ping eth1 on Sun (10.2.0.1).

I am at a loss as to why this isn't working... so I am hoping someone on this mailing list will be able to spot what I have misconfigured or what I am missing. Any help will be much appreciated!

~Josiah S. Yeagley

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
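The script below is an added example and is not part of Josiah's message or of strongSwan's own tooling. It collects the checks a practitioner would run on a net-to-net gateway that shows the "Alice reaches Sun but not Bob" symptom: whether the kernel forwards at all, whether the FORWARD chain accepts the policy-matched traffic in both directions before anything rejects it, whether the kernel has an XFRM "fwd" policy for the decrypted traffic that must be routed on (not only "in"), and, going a step beyond what the post covers, whether the far LAN host (Bob) has a return route to 10.1.0.0/16 through Sun. Every function parses captured command output passed as its first argument, so it can be run offline against saved text; the addresses follow the net2net-psk scenario, and the helper name live_check and the assumption that sysctl, iptables and ip are present on the gateway are mine.

```shell
#!/bin/sh
# Added example (not from the thread): offline-testable checks for the
# "Alice reaches Sun but not Bob" symptom on a strongSwan net-to-net gateway.
# Each check parses captured command output passed as $1, so it can be run
# against saved text; live_check (assumed helper name) feeds it the real
# commands on a gateway that has sysctl, iptables and ip available.

# ip_forward_ok "<sysctl net.ipv4.ip_forward output>"  -> ok | disabled
ip_forward_ok() {
    case "$1" in
        *"= 1"*) echo ok ;;
        *)       echo disabled ;;
    esac
}

# forward_policy_ok "<iptables -S FORWARD output>" SRC_NET DST_NET
# -> ok       an ACCEPT rule with "-m policy --pol ipsec" for SRC_NET->DST_NET
#             exists and no DROP/REJECT precedes it in the chain
# -> shadowed the rule exists but a DROP/REJECT comes first
# -> missing  no such rule at all
forward_policy_ok() {
    printf '%s\n' "$1" | awk -v s="$2" -v d="$3" '
        /-j (DROP|REJECT|reject)( |$)/ && !blocked { blocked = NR }
        index($0, "-s " s " ") && index($0, "-d " d " ") &&
            /--pol ipsec/ && /-j ACCEPT/ && !found { found = NR }
        END {
            if (!found)                          print "missing"
            else if (blocked && blocked < found) print "shadowed"
            else                                 print "ok"
        }'
}

# xfrm_policy_dirs "<ip xfrm policy output>" SRC_NET DST_NET
# Prints one line per policy direction (in/out/fwd) installed for the pair.
# Decrypted packets the gateway must route onward (moon -> sun -> bob) need a
# "fwd" policy next to "in"; strongSwan installs both for a net-to-net SA.
xfrm_policy_dirs() {
    printf '%s\n' "$1" | awk -v s="$2" -v d="$3" '
        $1 == "src" { cur = ($2 == s && $4 == d) }
        cur && $1 == "dir" { print $2 }'
}

# return_route_ok "<ip route output on a LAN host>" REMOTE_NET GATEWAY
# -> ok if the host sends REMOTE_NET via GATEWAY (a specific route wins over
#    the default route), else no-route. On bob: routes, 10.1.0.0/16, 10.2.0.1.
return_route_ok() {
    printf '%s\n' "$1" | awk -v n="$2" -v gw="$3" '
        $1 == n && $2 == "via"         { spec = $3 }
        $1 == "default" && $2 == "via" { def = $3 }
        END { via = spec ? spec : def; print (via == gw ? "ok" : "no-route") }'
}

# live_check LOCAL_NET REMOTE_NET, e.g. on sun: live_check 10.2.0.0/16 10.1.0.0/16
live_check() {
    fwd=$(iptables -S FORWARD)
    echo "ip_forward: $(ip_forward_ok "$(sysctl net.ipv4.ip_forward)")"
    echo "FORWARD $2 -> $1: $(forward_policy_ok "$fwd" "$2" "$1")"
    echo "FORWARD $1 -> $2: $(forward_policy_ok "$fwd" "$1" "$2")"
    echo "xfrm dirs $2 -> $1: $(xfrm_policy_dirs "$(ip xfrm policy)" "$2" "$1" | tr '\n' ' ')"
}

if [ "$#" -ge 2 ]; then live_check "$1" "$2"; fi
```

Run it on each gateway with its own LAN first and the remote LAN second; the FORWARD checks use the same subnet pairs as the rules quoted above, and the return-route check is meant to be fed Bob's own `ip route` output, since a host whose default gateway is not the IPsec gateway will receive Alice's packets but send its replies elsewhere.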
