[Swan] Problem in Return off package
Bruno de Oliveira Bastos
brunopsitech at gmail.com
Mon Sep 10 21:08:45 UTC 2018
Hi, I have a site-to-site VPN using CentOS 7. My network is
192.168.10.0/24 and the remote is 192.168.5.0/24. I saw that the IPsec is
established and up. But when I ping 192.168.5.140, the packet goes out and
returns from the other side, but the ICMP doesn't answer. Is there something
to enable in the SPD database or sysctl to solve this? This is my configuration:
# /etc/ipsec.conf - Libreswan IPsec configuration file
# basic configuration
config setup
    dumpdir=/var/run/pluto/
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn test
    auto=start
    pfs=no
    authby=secret
    type=tunnel
    ike=3des-sha1;modp1024
    phase2=esp
    phase2alg=3des-sha1;modp1024
    left=200.200.200.2
    leftsubnet=192.168.10.0/24
    right=200.200.200.1
    rightsubnet=192.168.5.0/24

include /etc/ipsec.d/*.conf
# sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
# Disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Result of systemctl status ipsec
Set 10 17:27:20 firewall pluto[4629]: "test" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xbd3920db <...assive}
Using tcpdump, I saw the packet go out on my WAN interface, and I receive a
return from the external IP client, but my workstation can't ping the other side.