
I have two Linux routers in two different geographic locations, and I want to create a site-to-site tunnel between them. I use strongSwan. The tunnel comes up successfully, but ping between the private IPs doesn't work.

The config on router one:

# Global daemon settings (legacy ipsec.conf format).
config setup
    # Per-subsystem log levels: ike=2, knl (kernel interface)=3, cfg=0.
    # NOTE(review): level 3 is troubleshooting verbosity and includes raw data
    # dumps; lower it again once the problem is found.
    charondebug="ike 2, knl 3, cfg 0"
    uniqueids=yes
    # CRL policy only matters for certificate authentication; the connection
    # in this file uses authby=secret.
    strictcrlpolicy=no

# Site-to-site tunnel as configured on router one (left is, by convention,
# the local side; the status output lists 1.1.1.1 first).
conn router_one
    auto=start
    type=tunnel
    keyexchange=ikev2
    # Pre-shared-key authentication; the key itself lives in ipsec.secrets and
    # is not shown. NOTE(review): use a long random PSK, or certificates.
    authby=secret
    # The trailing "!" makes the proposal strict: only this exact suite is
    # offered and accepted, so both peers must be changed together.
    # NOTE(review): modp1024 (DH group 2) is too small by current guidance and
    # SHA-1 is legacy; consider e.g. aes256-sha256-modp2048 or stronger.
    ike=aes256-sha1-modp1024!
    # No DH group in the ESP proposal, so CHILD_SA rekeying is done without a
    # fresh key exchange (no PFS). SHA-1 integrity: same remark as for ike=.
    esp=aes256-sha1!
    dpdaction=restart
    dpddelay=300s
    left=1.1.1.1
    # Traffic selectors: only packets from 192.168.1.0/24 to 172.16.1.0/24
    # match the tunnel policy. NOTE(review): traffic sourced from the router's
    # public address, or source-NATed before the policy lookup, would not match
    # - worth checking when the SA is installed but ping fails.
    leftsubnet=192.168.1.0/24
    right=2.2.2.2
    rightsubnet=172.16.1.0/24
    # aggressive= is an IKEv1 option; it has no effect with keyexchange=ikev2.
    aggressive=no
    keyingtries=%forever
    # NOTE(review): eap_identity applies to EAP authentication; presumably
    # unused with authby=secret - confirm and drop if so.
    eap_identity=%identity
    ikelifetime=1h
    lifetime=1h
    # dpdtimeout= is IKEv1-only; IKEv2 relies on its retransmission timeout.
    dpdtimeout=120s
    # Duplicate of the dpdaction=restart line above (same value).
    dpdaction=restart
    fragmentation=no
    mobike=no

The config on router two:

# Global daemon settings for router two (same values as on router one).
config setup
    # ike=2, knl (kernel interface)=3, cfg=0. NOTE(review): level 3 is
    # troubleshooting verbosity with raw data dumps; reduce it afterwards.
    charondebug="ike 2, knl 3, cfg 0"
    uniqueids=yes
    # Only relevant to certificate authentication; this file uses a PSK.
    strictcrlpolicy=no

# Site-to-site tunnel as configured on router two: the mirror image of the
# router-one connection, with the left/right addresses and subnets swapped.
conn router_two
    auto=start
    type=tunnel
    keyexchange=ikev2
    # Pre-shared key from ipsec.secrets (not shown). NOTE(review): the PSK
    # should be long and random; certificates are the stronger option.
    authby=secret
    # Strict ("!") proposal, so it must match the peer exactly.
    # NOTE(review): modp1024 is a 1024-bit DH group and SHA-1 is legacy;
    # upgrade both peers together, e.g. to aes256-sha256-modp2048 or stronger.
    ike=aes256-sha1-modp1024!
    # No DH group listed: CHILD_SA rekeying has no PFS.
    esp=aes256-sha1!
    dpdaction=restart
    dpddelay=300s
    left=2.2.2.2
    # Only 172.16.1.0/24 -> 192.168.1.0/24 traffic matches the tunnel policy.
    # NOTE(review): packets leaving with another source address (router's
    # public IP, or after source NAT) would bypass the tunnel - verify.
    leftsubnet=172.16.1.0/24
    right=1.1.1.1
    rightsubnet=192.168.1.0/24
    # IKEv1-only option; ignored for keyexchange=ikev2.
    aggressive=no
    keyingtries=%forever
    # NOTE(review): EAP setting, presumably unused with authby=secret.
    eap_identity=%identity
    ikelifetime=1h
    lifetime=1h
    # IKEv1-only option; IKEv2 uses the retransmission timeout instead.
    dpdtimeout=120s
    # Repeats the dpdaction=restart line above with the same value.
    dpdaction=restart
    fragmentation=no
    mobike=no

Connection status:

Security Associations (1 up, 0 connecting):
router_one[2]: ESTABLISHED 16 minutes ago, 1.1.1.1[1.1.1.1]...2.2.2.2[2.2.2.2]
router_one{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c2cb0ae8_i cd1dbb07_o
router_one{2}:   192.168.1.0/24 === 172.16.1.0/24
perrfect
