Hello, Please provide all information as listed on the HelpRequests[1] page.
Kind regards Noel [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests Am 27.09.20 um 16:36 schrieb strongswan....@it-beheer.eu: > Hello everyone, > > I am having problems getting an ip range over a tunnel that i want. And don't > see what i do wrong... > > I have setup the following where MS1 and V1 are under my control: > windows host (MS1) -> vpn server (/V1/) =tunnel= vpn server (V2) -> win > hosts ( x.64.48.41 (MS2) and x.64.51.113 (MS3) ) > conn A > left=<ext ip> > right=<ext ip> > leftsubnet=10.33.3.0/24 > rightsubnet=x.64.48.0/21 > and the rest > > The tunnel comes up fine. I can send a ping to x.64.48.41 from MS1. But fail > to ping MS3. > I bring down the tunnel and start a ping MS3. Bring up the tunnel and ping > reply is fine. But now i fail to ping MS2. Doing the same reverses everything > al the time. So it seams the the first ping that comes trough gets to be > working. And gets to add the route. > > table 220 gives me: > x.64.48.0/21 via <ext ip> dev ens18 proto static src 10.33.3.254 > x.64.48.41 via <ext ip> dev ens18 proto static src 10.33.3.254 > and got ping to MS2 working. > > I tried adding > x.64.51.113 via <ext ip> dev ens18 proto static src 10.33.3.254 > > But the packages don't seem to be send in to the tunnel. They do arrive at V1 > from MS1. I don't get why Strongswan add 2 routes to the table even the ip is > included in the subnet. > > ----------------------------------------- > I tried a setup with two other setup's but also never both pings working: > -------- > rightsubnet=x.64.48.41/32,x64.51.113/32 But with the same result. > -------- > > and: > -------- > Conn A > rightsubnet=x.64.48.41/32 > > Conn BA > also=A > rightsubnet=x.64.51.113/32 > -------- > > Hope someone can make me a bit smarter and explain and solve my problem. > Tried to keep al the ip's as real as possible so hope all is clear enough. > > Kind rgds, Ben >
signature.asc
Description: OpenPGP digital signature