Hi Noel,

Thank you for already looking into this and for your reply. All of a sudden everything started working about an hour ago. After asking, it turns out the other end changed their settings and now all is working as expected.

Kind rgds, Ben

On 28-09-2020 11:33, Noel Kuntze wrote:
Hello,

Please provide all information as listed on the HelpRequests[1] page.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

On 27.09.20 at 16:36, strongswan....@it-beheer.eu wrote:
Hello everyone,

I am having problems getting an IP range over a tunnel that I want. And don't 
see what I do wrong...

I have set up the following where MS1 and V1 are under my control:
windows host (MS1) -> vpn server (V1)   =tunnel=   vpn server (V2) -> win hosts ( x.64.48.41 (MS2) and x.64.51.113 (MS3) )
conn A
  left=<ext ip>
  right=<ext ip>
  leftsubnet=10.33.3.0/24
  rightsubnet=x.64.48.0/21
  and the rest

The tunnel comes up fine. I can send a ping to x.64.48.41 from MS1. But fail to 
ping MS3.
I bring down the tunnel and start a ping to MS3. Bring up the tunnel and ping 
reply is fine. But now I fail to ping MS2. Doing the same reverses everything 
all the time. So it seems that the first ping that comes through gets to be 
working. And gets to add the route.

table 220 gives me:
x.64.48.0/21 via <ext ip> dev ens18 proto static src 10.33.3.254
x.64.48.41 via <ext ip> dev ens18 proto static src 10.33.3.254
and got ping to MS2 working.

I tried adding
x.64.51.113 via <ext ip> dev ens18 proto static src 10.33.3.254

But the packages don't seem to be sent into the tunnel. They do arrive at V1 
from MS1. I don't get why Strongswan adds 2 routes to the table even though the IP is 
included in the subnet.

-----------------------------------------
I tried two other setups but also never got both pings working:
--------
rightsubnet=x.64.48.41/32,x64.51.113/32 But with the same result.
--------

and:
--------
Conn A
  rightsubnet=x.64.48.41/32

Conn BA
also=A
rightsubnet=x.64.51.113/32
--------

Hope someone can make me a bit smarter and explain and solve my problem. Tried 
to keep all the IPs as real as possible so hope all is clear enough.

Kind rgds, Ben
