<div dir="ltr"><div dir="ltr">Hi Paul<div><br></div><div>Thanks for your answer. But sadly, this did not help.</div><div><br></div><div><div>$ ip route </div><div>default via 192.168.42.129 dev enp0s12u2 proto dhcp metric 100 </div><div><span style="color:rgb(80,0,80)">xx.yyy.zzz.vv</span> dev vti0 scope link </div><div><a href="http://169.254.0.0/16">169.254.0.0/16</a> dev enp0s12u2 scope link metric 1000 </div><div><a href="http://192.168.42.0/24">192.168.42.0/24</a> dev enp0s12u2 proto kernel scope link src 192.168.42.91 metric 100 </div><div><br></div><div>$ route </div><div>Kernel-IP-Routentabelle</div><div>Ziel Router Genmask Flags Metric Ref Use Iface</div><div>default _gateway 0.0.0.0 UG 100 0 0 enp0s12u2</div><div>xxxxxxxx.dip0. 0.0.0.0 255.255.255.255 UH 0 0 0 vti0</div><div>link-local 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s12u2</div><div>192.168.42.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s12u2</div></div><div><br></div><div><br></div><div>192.168.42.x is the client's network</div><div><span style="color:rgb(80,0,80)">xx.yyy.zzz.vv</span> is the internet IP of the remote network behind some domain<br></div><div>192.168.92.x is the remote network I want to access</div><div><br></div><div>What's wrong with my config?</div><div><br></div><div>Best regards</div><div>Johannes</div><div><br></div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, 4 Oct 2018 at 16:50, Paul Wouters <<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Thu, 4 Oct 2018, Johannes C. Schulz wrote:<br>
<br>
> Hello LibreSwan community! It was a long way to get my libreswan connecting to a vpn-server (which is actually a dsl-router from bintec). The server accepts IPsec IKEv1<br>
> connection with PSK. I can connect, but there is no traffic through the tunnel.<br>
> The problem must be on roadwarriors-side, because I can connect and transfer data through the tunnel if I connect with a windows machine to the vpn-server (using<br>
> ShrewSoft).<br>
> <br>
> I wrote this config:<br>
> <br>
> config setup<br>
> protostack = netkey<br>
> <br>
> conn Office1<br>
> authby = secret<br>
> right = some.domain.tld<br>
> rightid = @Office_admin<br>
> rightnexthop = %defaultroute<br>
> left = 192.168.42.91<br>
> leftsubnet = <a href="http://192.168.92.0/24" rel="noreferrer" target="_blank">192.168.92.0/24</a><br>
> leftvti = <a href="http://192.168.92.234/24" rel="noreferrer" target="_blank">192.168.92.234/24</a><br>
> leftid = @Office<br>
> keyexchange = ike<br>
> ike = aes256-sha2;modp2048<br>
> esp = aes256-sha2;modp2048<br>
> ikelifetime = 4h<br>
> keylife = 8h<br>
> auto = add<br>
> aggrmode = yes<br>
> vti-interface = vti0<br>
> vti-routing = yes<br>
> mark = 5/0xffffffff<br>
<br>
Try adding sha2_truncbug=yes and see if that fixes your issue. The<br>
router might be doing "broken linux compatibility" mode by default.<br>
<br>
> netstat -r -n<br>
> Kernel-IP-Routentabelle<br>
> Ziel Router Genmask Flags MSS Fenster irtt Iface<br>
> 0.0.0.0 192.168.42.129 0.0.0.0 UG 0 0 0 enp0s12u2<br>
> xx.yyy.zzz.vv 0.0.0.0 255.255.255.255 UH 0 0 0 vti0<br>
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 enp0s12u2<br>
> 192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s12u2<br>
> 192.168.92.0 0.0.0.0 255.255.255.0 U 0 0 0 vti0<br>
<br>
What does "ip route" say? It is important to see if you got the proper<br>
route into the VTI interface. I assume xx.yyy.zzz.vv is some.domain.tld's IP ?<br>
<br>
> ping 192.168.92.10<br>
> PING 192.168.92.10 (192.168.92.10) 56(84) bytes of data.<br>
> From 192.168.92.234 icmp_seq=1 Destination Host Unreachable<br>
<br>
Is this in the remote end? Because you defined that to be on your end?<br>
<br>
Paul<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Best regards<br></div>Johannes C. Schulz<br><br>
<p><span style="color:rgb(204,204,204)"><font size="1">„<b><i>Programmer
- n. [proh-gram-er] an organism that turns caffeine and pizza into software“</i></b></font></span><br></p></div></div>
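<div>Added example, not part of the original messages: the route check Paul asks for (does traffic for the remote network actually go into the VTI interface?), done as a longest-prefix match over the "ip route" output posted in the reply. The redacted peer address xx.yyy.zzz.vv is replaced by the constructed placeholder 203.0.113.7, the function names are hypothetical, and only the main routing table is considered (no policy routing or marks).</div>

```python
import ipaddress

# Constructed sample: the "ip route" output from the reply above, with the
# redacted peer address xx.yyy.zzz.vv replaced by the placeholder 203.0.113.7.
IP_ROUTE_OUTPUT = """\
default via 192.168.42.129 dev enp0s12u2 proto dhcp metric 100
203.0.113.7 dev vti0 scope link
169.254.0.0/16 dev enp0s12u2 scope link metric 1000
192.168.42.0/24 dev enp0s12u2 proto kernel scope link src 192.168.42.91 metric 100
"""

def parse_routes(text):
    """Return a list of (network, device, metric) from `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a prefix (e.g. a "broadcast" or "local" line)
        dev = fields[fields.index("dev") + 1]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((net, dev, metric))
    return routes

def egress_device(routes, destination):
    """Longest-prefix match, lowest metric as tie-break; None if no route."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _net, dev, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return dev

def tunnel_route_ok(text, destination, vti="vti0"):
    """True only if traffic to `destination` would leave through the VTI device."""
    return egress_device(parse_routes(text), destination) == vti

if __name__ == "__main__":
    for target in ("192.168.92.10", "203.0.113.7"):
        print(f"{target} -> {egress_device(parse_routes(IP_ROUTE_OUTPUT), target)}")
```

<div>With the posted table, only the peer's host route points at vti0; 192.168.92.10 falls through to the default route on enp0s12u2, so the ping never enters the tunnel.</div>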