Could be any number of things. You should check the traffic counters in
`ipsec statusall` on the hub and the clients. If you have firewall
rules check the counters in `iptables -v -L`.
The output of `iptables -v -L` on the Hub is:

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in     out    source          destination
    0     0 ACCEPT all  --  ens192 any    192.168.2.0/24  192.168.1.0/24  policy match dir in pol ipsec reqid 376 proto esp
    0     0 ACCEPT all  --  any    ens192 192.168.1.0/24  192.168.2.0/24  policy match dir out pol ipsec reqid 376 proto esp
    0     0 ACCEPT all  --  ens192 any    192.168.1.0/24  192.168.2.0/24  policy match dir in pol ipsec reqid 375 proto esp
    0     0 ACCEPT all  --  any    ens192 192.168.2.0/24  192.168.1.0/24  policy match dir out pol ipsec reqid 375 proto esp

As I am running OpenWRT on both gateways, iptables -v -L has a long
output. What are the relevant pieces here of iptables? At least I cannot
see any 192.168 rules. I guess OpenWRT is not accepting the traffic.
Can I somehow simulate the traffic from the Hub? How can I send a ping
into the tunnel, e.g. "ping -I 192.168.1.1 192.168.2.1"? Of course,
192.168 is not shown in the interface list of the Hub, but only the
external IP address.
Best regards
Martin