Re: [strongSwan] IPtables settings

Tue, 14 Jan 2020 00:08:52 -0800 

Hi.

Please, can anyone give some advices?

Thank you!

On 1/13/20 4:41 PM, [email protected] wrote:


/etc/ipsec.conf

# basic configuration
config setup
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=no

# connection 1
conn site1-to-site2
  authby=secret
  left=%defaultroute
  leftid=111.111.111.45
  leftsubnet=172.16.11.0/24
  right=222.222.222.210
  rightsubnet=172.16.15.0/24
  ike=aes256-sha2_256-modp1024!
  esp=aes256-sha2_256!
  keyingtries=0
  ikelifetime=1h
  lifetime=8h
  dpddelay=30
  dpdtimeout=120
  dpdaction=restart
  auto=start

Only this file where I've defined  my site-to-site settings.


On 1/13/20 4:36 PM, Felipe Arturo Polanco wrote:

Hi,
Please also send the content of /etc/ipsec.conf and/or /etc/swanctl.conf , /etc/swanctl/swanctl.conf , the file where you defined your site-to-site settings.
On Mon, Jan 13, 2020 at 10:27 AM [email protected] <mailto:[email protected]> <[email protected] <mailto:[email protected]>> wrote: 

    Also it ipsec.conf file

    # basic configuration
    config setup
            charondebug="all"
            uniqueids=yes
            strictcrlpolicy=no

    # connection to paris datacenter
    conn totorum-to-camulodunum
      authby=secret
      left=%defaultroute
      leftid=111.111.111.45
      leftsubnet=172.16.11.0/24 <http://172.16.11.0/24>
      right=222.222.222.210
      rightsubnet=172.16.15.0/24 <http://172.16.15.0/24>
      ike=aes256-sha2_256-modp1024!
      esp=aes256-sha2_256!
      keyingtries=0
      ikelifetime=1h
      lifetime=8h
      dpddelay=30
      dpdtimeout=120
      dpdaction=restart
      auto=start

    On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:

    Hi,

    Please send us the following information:

    Strongswan configuration and
    Output of:
    iptables-save
    ip xfrm policy
    ip route show
    ip rule show
    ip address show

    Thanks,


    On Mon, Jan 13, 2020 at 10:13 AM [email protected]
    <mailto:[email protected]> <[email protected]
    <mailto:[email protected]>> wrote:

        Hello,

        I am trying to set up a point-to-point VPN connection
        between two KVM
        hosts running Ubuntu 18.04 LTS.

        For struggling fro more then a week to make it work but
        without success.

        The tunnel seams to be running but I cannot make the
        connection between
        internal subenets.

        Can anyone tell me what iptables rules should I set?

        Thank you!

        Best regards!

Reply via email to