Hello, I have made all changes but the problem is still there; I need more help. The changes made are below, and I have attached ipsec.conf/message log/statusall/routing table/iptable.
IP forwarding enabled in /etc/sysctl.conf
net.ipv4.ip_forward = 1

removed
That line is formatted wrong. "-diffie-hellman group 2" is invalid

did this
Don't declare options multiple times in a conn section.

flushed routing table to default
strongSwan does the routing for you. Don't install routes yourself.

On 2/16/16, Noel Kuntze <[email protected]> wrote:
> On 16.02.2016 18:03, christopher kamutumwa wrote:
>> Hi does this mean if I flush my iptables and routing tables strongswan
>> will route and write firewall. And how can I tell that?
> No.
> strongSwan, by default, inserts routes into table 220 and uses policy based
> routing to route the traffic to the
> remote side(s) into routing table 220, where routes to the protected subnets
> are in.
>
> You seem to not have read the introduction[1] yet. Please read it.

added
iptables -t nat -I POSTROUTING -s 10.1.0.0/16 -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -t nat -I PREROUTING -s 10.2.0.0/16 -i eth0 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -A input_rule -p esp -j ACCEPT
iptables -A input_rule -p udp --dport 500 -j ACCEPT
iptables -A input_rule -p udp --dport 4500 -j ACCEPT

but still no pings to and from the other side though IKE_SA has always been up.
please help
Chris

>
> [1]
> https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan
>
> (Second mail, first one was sent to Christopher only)
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
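
Added example (not part of the original mails and not strongSwan's own code): one way to answer the "how can I tell" question above is to check captured `ip rule` and `ip route show table 220` output for a policy rule that looks up table 220 and a route there covering the remote subnet. The sample outputs, the gateway 192.0.2.1 and the choice of 10.2.0.0/16 as the remote subnet are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ip rule` output on a gateway running strongSwan.
SAMPLE_IP_RULE = (
    "0:\tfrom all lookup local\n"
    "220:\tfrom all lookup 220\n"
    "32766:\tfrom all lookup main\n"
    "32767:\tfrom all lookup default\n"
)
# Constructed sample of `ip route show table 220` output (gateway is a placeholder).
SAMPLE_TABLE_220 = "10.2.0.0/16 via 192.0.2.1 dev eth0 proto static src 10.1.0.1\n"


def rule_for_table(ip_rule_output, table="220"):
    """Return the priority of the first policy rule that looks up `table`, else None."""
    for line in ip_rule_output.splitlines():
        m = re.match(r"\s*(\d+):\s+(.*)", line)
        if m and re.search(r"\blookup\s+%s\b" % re.escape(table), m.group(2)):
            return int(m.group(1))
    return None


def routes_in_table(route_output):
    """Parse route lines into networks, skipping lines with no plain destination."""
    nets = []
    for line in route_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            nets.append(ipaddress.ip_network(dest, strict=False))
        except ValueError:
            continue  # e.g. "unreachable ..." or "throw ..." entries
    return nets


def tunnel_routing_ok(ip_rule_output, route_output, remote_subnet):
    """True when a rule points at table 220 and a route in it covers remote_subnet."""
    remote = ipaddress.ip_network(remote_subnet)
    if rule_for_table(ip_rule_output) is None:
        return False
    return any(n.version == remote.version and remote.subnet_of(n)
               for n in routes_in_table(route_output))


if __name__ == "__main__":
    print(tunnel_routing_ok(SAMPLE_IP_RULE, SAMPLE_TABLE_220, "10.2.0.0/16"))
```

On a live gateway, pass the real output of the two `ip` commands instead of the samples; an empty table 220 while the IKE_SA is up means no route for the protected subnet is installed there.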
