Re: [strongSwan] IPtables settings

Tue, 14 Jan 2020 07:39:03 -0800 

Those settings look good, please send this output:

$ sysctl -a | grep -e "forwarding"

On Tue, Jan 14, 2020 at 4:08 AM [email protected] <[email protected]>
wrote:

> Hi.
>
> Please, can anyone give some advices?
>
> Thank you!
> On 1/13/20 4:41 PM, [email protected] wrote:
>
> /etc/ipsec.conf
>
> # basic configuration
> config setup
>         charondebug="all"
>         uniqueids=yes
>         strictcrlpolicy=no
>
> # connection 1
> conn site1-to-site2
>   authby=secret
>   left=%defaultroute
>   leftid=111.111.111.45
>   leftsubnet=172.16.11.0/24
>   right=222.222.222.210
>   rightsubnet=172.16.15.0/24
>   ike=aes256-sha2_256-modp1024!
>   esp=aes256-sha2_256!
>   keyingtries=0
>   ikelifetime=1h
>   lifetime=8h
>   dpddelay=30
>   dpdtimeout=120
>   dpdaction=restart
>   auto=start
>
> Only this file where I've defined  my site-to-site settings.
>
>
> On 1/13/20 4:36 PM, Felipe Arturo Polanco wrote:
>
> Hi,
>
> Please also send the content of /etc/ipsec.conf and/or /etc/swanctl.conf ,
> /etc/swanctl/swanctl.conf , the file where you defined your site-to-site
> settings.
>
> On Mon, Jan 13, 2020 at 10:27 AM [email protected] <[email protected]>
> wrote:
>
>> Also it ipsec.conf file
>>
>> # basic configuration
>> config setup
>>         charondebug="all"
>>         uniqueids=yes
>>         strictcrlpolicy=no
>>
>> # connection to paris datacenter
>> conn totorum-to-camulodunum
>>   authby=secret
>>   left=%defaultroute
>>   leftid=111.111.111.45
>>   leftsubnet=172.16.11.0/24
>>   right=222.222.222.210
>>   rightsubnet=172.16.15.0/24
>>   ike=aes256-sha2_256-modp1024!
>>   esp=aes256-sha2_256!
>>   keyingtries=0
>>   ikelifetime=1h
>>   lifetime=8h
>>   dpddelay=30
>>   dpdtimeout=120
>>   dpdaction=restart
>>   auto=start
>>
>> On 1/13/20 4:15 PM, Felipe Arturo Polanco wrote:
>>
>> Hi,
>>
>> Please send us the following information:
>>
>> Strongswan configuration and
>> Output of:
>> iptables-save
>> ip xfrm policy
>> ip route show
>> ip rule show
>> ip address show
>>
>> Thanks,
>>
>>
>> On Mon, Jan 13, 2020 at 10:13 AM [email protected] <[email protected]>
>> wrote:
>>
>>> Hello,
>>>
>>> I am trying to set up a point-to-point VPN connection between two KVM
>>> hosts running Ubuntu 18.04 LTS.
>>>
>>> For struggling fro more then a week to make it work but without success.
>>>
>>> The tunnel seams to be running but I cannot make the connection between
>>> internal subenets.
>>>
>>> Can anyone tell me what iptables rules should I set?
>>>
>>> Thank you!
>>>
>>> Best regards!
>>>
>>>
>>>

Reply via email to