[Swan] ipsec issue
Mehboob Ansari
mehboob.ansari at wavenetcorp.com
Sat Oct 10 13:09:23 UTC 2020
Hi Team,
Please help with the scenario below:
I have 3 machines: machine A (IP 10.5.5.7, client), machine B (10.5.5.52, server) and machine C (192.168.13.212).
An IPsec tunnel is established between machine A and machine B. When I ping from A to B, the in and out bytes in ipsec whack --trafficstatus increase.
Now machine C is connected with machine B through a USB-to-Ethernet converter, and there is a route at machine A so that I can ping machine C through machine A. But when I ping machine C from machine A, the ping starts but ipsec whack --trafficstatus is not increasing, which means outgoing packets are going through the tunnel.
And when I ping C to A, ipsec whack --trafficstatus shows the in and out bytes correctly.
That means when I ping A to C, packets are not going through the tunnel, but when I ping C to A, packets are going through the tunnel.
route set at machine A = route add -net 192.168.13.0/24 gw 10.5.5.52
route set at machine C = route add -net 10.5.5.0/24 gw 192.168.13.50
Note - 192.168.13.50 is the IP of the USB-to-Ethernet interface which connects machine B (server) to C.
Expected result - when I ping machine C through machine A, the IPsec traffic should increase.
Note - the IPsec tunnel is only between A and B, where A is the client and B is the server.
Server ipsec.conf

config setup
    protostack=netkey
    #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.231.247.0/24,%v4:!10.231.246.0/24
    # uniqueids=no
    nssdir=/etc/ipsec.d
    #dumpdir=/var/run/pluto/
    logfile=/var/log/pluto.log

conn myconn
    authby=rsasig
    left=10.5.5.50
    leftcert=10.5.5.50
    leftid=%fromcert
    leftsendcert=always
    #leftsubnet=10.5.5.50/24
    # leftrsasigkey=%cert
    right=10.5.5.5
    #rightsubnet=10.5.5.5/24
    rightid=%fromcert
    type=tunnel
    ikev2=insist
    auto=start
    encapsulation=yes

Client ipsec.conf

config setup
    protostack=netkey
    #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.231.247.0/24,%v4:!10.231.246.0/24
    # uniqueids=no
    nssdir=/etc/ipsec.d
    #dumpdir=/var/run/pluto/
    logfile=/var/log/pluto.log

conn myconn
    authby=rsasig
    left=10.5.5.5
    leftcert=10.5.5.50
    leftid=%fromcert
    leftsendcert=always
    #leftsubnet=10.5.5.55/24
    # leftrsasigkey=%cert
    right=10.5.5.50
    #rightsubnet=10.5.5.50/24
    rightid=%fromcert
    type=tunnel
    ikev2=insist
    auto=start
    encapsulation=yes

Please help me out; I have been stuck on this for the last 10 days.
Regards,
Mehboob Ansari
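
An added example, not part of the original post and not libreswan code: a check of which flows the posted client conn's traffic selectors cover. It assumes libreswan's documented default that an unset leftsubnet/rightsubnet means the endpoint address alone; the function names are hypothetical, and the flows use the addresses from the posted config plus machine C's address.

```python
import ipaddress

# Client-side conn from the post, reduced to the keys that define traffic selectors.
CLIENT_CONN = """\
conn myconn
    left=10.5.5.5
    #leftsubnet=10.5.5.55/24
    right=10.5.5.50
    #rightsubnet=10.5.5.50/24
    type=tunnel
"""

def parse_conn(text):
    """Return key/value pairs of a conn section, skipping comments and the header."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def selector(opts, side):
    """Network protected on one side: <side>subnet if set, else the endpoint itself."""
    subnet = opts.get(side + "subnet")
    if subnet:
        return ipaddress.ip_network(subnet, strict=False)
    return ipaddress.ip_network(opts[side])  # assumption: default is the host /32

def covered(opts, src, dst):
    """True if a packet src -> dst sent from the left side matches the conn's selectors."""
    return (ipaddress.ip_address(src) in selector(opts, "left")
            and ipaddress.ip_address(dst) in selector(opts, "right"))

def report(opts, flows):
    """Map each 'src -> dst' flow to whether the conn's selectors cover it."""
    return {f"{s} -> {d}": covered(opts, s, d) for s, d in flows}

if __name__ == "__main__":
    opts = parse_conn(CLIENT_CONN)
    flows = [("10.5.5.5", "10.5.5.50"), ("10.5.5.5", "192.168.13.212")]
    for flow, ok in report(opts, flows).items():
        print(flow, "matches tunnel policy" if ok else "outside tunnel policy")
```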