[Swan] ipsec issue

Mehboob Ansari mehboob.ansari at wavenetcorp.com
Sat Oct 10 13:09:23 UTC 2020


Hi Team,

Please help with the scenario below:

I have 3 machines: machine A (IP 10.5.5.7, client), machine B (10.5.5.52, server) and machine C (192.168.13.212).

An IPsec tunnel is established between machine A and machine B. When I ping from A to B, the in and out bytes in "ipsec whack --trafficstatus" increase.

Now machine C is connected to machine B through a USB-to-Ethernet converter, and there is a route on machine A so that I can ping machine C from machine A. But when I ping machine C from machine A, the ping starts but "ipsec whack --trafficstatus" does not increase, meaning the outgoing packets are not going through the tunnel.
And when I ping from C to A, "ipsec whack --trafficstatus" shows the in/out bytes correctly.

This means that when I ping from A to C the packets do not go through the tunnel, but when I ping from C to A the packets do go through the tunnel.

Route set on machine A: route add -net 192.168.13.0/24 gw 10.5.5.52
Route set on machine C: route add -net 10.5.5.0/24 gw 192.168.13.50

Note: 192.168.13.50 is the IP of the USB-to-Ethernet interface which connects machine B (server) to C.


Expected result: when I ping machine C from machine A, the IPsec traffic counters should increase.

Note: the IPsec tunnel is only between A and B, where A is the client and B is the server.

Server ipsec.conf

config setup
    protostack=netkey
    #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.231.247.0/24,%v4:!10.231.246.0/24
    # uniqueids=no
    nssdir=/etc/ipsec.d
    #dumpdir=/var/run/pluto/
    logfile=/var/log/pluto.log

conn myconn
    authby=rsasig
    left=10.5.5.50
    leftcert=10.5.5.50
    leftid=%fromcert
    leftsendcert=always
    #leftsubnet=10.5.5.50/24
    # leftrsasigkey=%cert
    right=10.5.5.5
    #rightsubnet=10.5.5.5/24
    rightid=%fromcert
    type=tunnel
    ikev2=insist
    auto=start
    encapsulation=yes

Client ipsec.conf

config setup
    protostack=netkey
    #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.231.247.0/24,%v4:!10.231.246.0/24
    # uniqueids=no
    nssdir=/etc/ipsec.d
    #dumpdir=/var/run/pluto/
    logfile=/var/log/pluto.log

conn myconn
    authby=rsasig
    left=10.5.5.5
    leftcert=10.5.5.50
    leftid=%fromcert
    leftsendcert=always
    #leftsubnet=10.5.5.55/24
    # leftrsasigkey=%cert
    right=10.5.5.50
    #rightsubnet=10.5.5.50/24
    rightid=%fromcert
    type=tunnel
    ikev2=insist
    auto=start
    encapsulation=yes

Please help me out; I have been stuck on this for the last 10 days.

Regards, 
Mehboob Ansari 
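The behaviour described in the post (A-to-B traffic counted, A-to-C traffic not) comes down to which packets fall inside the tunnel's traffic selectors: a conn with no leftsubnet/rightsubnet only covers the two endpoint addresses, so a packet for 192.168.13.212 is sent in cleartext via the ordinary route. As an added illustration (not part of the post, and not libreswan's code), this Python models the selectors a conn yields from its left/right and leftsubnet/rightsubnet values and reports which conn a given source/destination pair lands in; the second conn "myconn-lan" and its subnet value are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ConnPolicy:
    """Traffic selectors derived from one ipsec.conf conn, as seen from 'left'."""
    name: str
    local_ts: ipaddress.IPv4Network   # leftsubnet, or left/32 when unset
    remote_ts: ipaddress.IPv4Network  # rightsubnet, or right/32 when unset


def conn_policy(name, left, right, leftsubnet=None, rightsubnet=None):
    # Without leftsubnet/rightsubnet the selectors are just the two endpoints.
    # strict=False tolerates host bits in values such as "10.5.5.50/24".
    local_ts = ipaddress.ip_network(leftsubnet or f"{left}/32", strict=False)
    remote_ts = ipaddress.ip_network(rightsubnet or f"{right}/32", strict=False)
    return ConnPolicy(name, local_ts, remote_ts)


def select_policy(policies, src, dst) -> Optional[str]:
    """Name of the first conn whose selectors cover src->dst, else None.
    None means the packet is not protected and follows the plain routing table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.local_ts and d in p.remote_ts:
            return p.name
    return None


# Client-side conn exactly as in the post: host-to-host, no subnets set.
HOST_TO_HOST = [conn_policy("myconn", "10.5.5.5", "10.5.5.50")]

# Assumed variant for illustration only: an extra conn whose right side
# covers the 192.168.13.0/24 network that sits behind the server.
WITH_LAN = HOST_TO_HOST + [
    conn_policy("myconn-lan", "10.5.5.5", "10.5.5.50", rightsubnet="192.168.13.0/24")
]

if __name__ == "__main__":
    for dst in ("10.5.5.50", "192.168.13.212"):
        print(f"10.5.5.5 -> {dst}: "
              f"host-to-host={select_policy(HOST_TO_HOST, '10.5.5.5', dst)}, "
              f"with-lan={select_policy(WITH_LAN, '10.5.5.5', dst)}")
```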