Issue #1083
Updated by Tobias Brunner about 10 years ago
Hello
I'm setting up a VPN using strongSwan,like this:
<pre>
192.168.1.2...(server A)172.16.65.2 ==== 172.16.65.1(server B)...192.168.55.2
</pre>
The connection is established OK. I can ping from client 192.168.1.2 to 192.168.55.2, but I can't ping from 192.168.1.2 to 192.168.55.2.
the ipsec status on server A:
<pre>
000 #3: "vpn" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2286s; newest IPSEC; eroute owner
000 #3: "vpn" esp.cd80c02d@172.16.65.1 (240 bytes, 90s ago) esp.cdb335cf@172.16.65.2 (240 bytes, 529s ago); tunnel
000 #1: "vpn" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 9245s; newest ISAKMP
</pre>
tcpdump on server A:
<pre>
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:27:26.770959 IP 172.16.65.2.500 > 172.16.65.1.500: isakmp: phase 2/others ? oakley-quick[E]
20:27:26.771947 IP 172.16.65.1.500 > 172.16.65.2.500: isakmp: phase 2/others ? inf[E]
20:27:31.770493 ARP, Request who-has 172.16.65.1 tell 172.16.65.2, length 28
20:27:31.770828 ARP, Reply 172.16.65.1 is-at 00:0c:29:f7:6b:c2, length 46
20:27:36.782186 IP 172.16.65.2.500 > 172.16.65.1.500: isakmp: phase 2/others ? oakley-quick[E]
20:27:36.783019 IP 172.16.65.1.500 > 172.16.65.2.500: isakmp: phase 2/others ? inf[E]
20:27:41.782461 ARP, Request who-has 172.16.65.2 tell 172.16.65.1, length 46
20:27:41.782505 ARP, Reply 172.16.65.2 is-at 00:0c:29:09:6d:53, length 28
20:27:56.800708 IP 172.16.65.2.500 > 172.16.65.1.500: isakmp: phase 2/others ? oakley-quick[E]
20:27:56.801386 IP 172.16.65.1.500 > 172.16.65.2.500: isakmp: phase 2/others ? inf[E]
</pre>
Can you help me please?
Thank you in advance for your help.
I'm setting up a VPN using strongSwan,like this:
<pre>
192.168.1.2...(server A)172.16.65.2 ==== 172.16.65.1(server B)...192.168.55.2
</pre>
The connection is established OK. I can ping from client 192.168.1.2 to 192.168.55.2, but I can't ping from 192.168.1.2 to 192.168.55.2.
the ipsec status on server A:
<pre>
000 #3: "vpn" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2286s; newest IPSEC; eroute owner
000 #3: "vpn" esp.cd80c02d@172.16.65.1 (240 bytes, 90s ago) esp.cdb335cf@172.16.65.2 (240 bytes, 529s ago); tunnel
000 #1: "vpn" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 9245s; newest ISAKMP
</pre>
tcpdump on server A:
<pre>
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:27:26.770959 IP 172.16.65.2.500 > 172.16.65.1.500: isakmp: phase 2/others ? oakley-quick[E]
20:27:26.771947 IP 172.16.65.1.500 > 172.16.65.2.500: isakmp: phase 2/others ? inf[E]
20:27:31.770493 ARP, Request who-has 172.16.65.1 tell 172.16.65.2, length 28
20:27:31.770828 ARP, Reply 172.16.65.1 is-at 00:0c:29:f7:6b:c2, length 46
20:27:36.782186 IP 172.16.65.2.500 > 172.16.65.1.500: isakmp: phase 2/others ? oakley-quick[E]
20:27:36.783019 IP 172.16.65.1.500 > 172.16.65.2.500: isakmp: phase 2/others ? inf[E]
20:27:41.782461 ARP, Request who-has 172.16.65.2 tell 172.16.65.1, length 46
20:27:41.782505 ARP, Reply 172.16.65.2 is-at 00:0c:29:09:6d:53, length 28
20:27:56.800708 IP 172.16.65.2.500 > 172.16.65.1.500: isakmp: phase 2/others ? oakley-quick[E]
20:27:56.801386 IP 172.16.65.1.500 > 172.16.65.2.500: isakmp: phase 2/others ? inf[E]
</pre>
Can you help me please?
Thank you in advance for your help.