Re: [strongSwan] Cannot pass the traffic through the established tunnel.

2018-04-06 Thread Sujoy
Sujoy On Thursday 05 April 2018 10:15 PM, Noel Kuntze wrote: Hello Sujoy, Do you mean to block all traffic that uses TCP port 80 (0.0.0.0/0[tcp/80]), but the traffic that is protected in an established tunnel? Or do you mean to block everything but what is protected? Kind regards Noel

[strongSwan] Cannot pass the traffic through the established tunnel.

2018-04-04 Thread Sujoy
=== 192.168.10.1/32 -- Thanks Sujoy

[strongSwan] No CHILD_SA tunnel{2} established with nat public IP

2018-03-13 Thread Sujoy
Hi All, I am facing an issue while establishing a tunnel through the NATed public IP. When I connect to the same Strongswan server from LAN I get "*CHILD_SA tunnel{2} established with SPIs cb7bd615_i c3fb87d7_o and TS 172.25.12.38/32 == 172.25.1.23/32"*. But from public network "IKE_SA tunnel is

Re: [strongSwan] Traffic blocked through the tunnel

2018-03-09 Thread Sujoy
route installation is enabled in strongswan.conf/charon.conf (the default). Kind regards Noel On 09.03.2018 14:52, Sujoy wrote: Thanks Noel, As you replied this is a new thread. Followed the below forwarding and split tunneling link but cannot pass traffic through the Strongswan tunnel. https:

[strongSwan] Traffic blocked through the tunnel

2018-03-09 Thread Sujoy
Thanks Noel, As you replied this is a new thread. Followed the below forwarding and split tunneling link but cannot pass traffic through the Strongswan tunnel. https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling Strongswan configuration details. root@mlxvpn:~#

Re: [strongSwan] ssh and http through IPSec

2018-03-09 Thread Sujoy
in *nat). Kind regards Noel [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests On 07.03.2018 12:50, Sujoy wrote: Hi Jafar, I am not getting any output during "*ip route list table 220*"  the tunnel is established. And it is not allowing any type of traffic any

Re: [strongSwan] ssh and http through IPSec

2018-03-07 Thread Sujoy
estination Chain OUTPUT (policy ACCEPT) target prot opt source   destination [root@VPNTEST ~]# Thanks On Tuesday 06 March 2018 10:46 AM, Sujoy wrote: Hi Jafar,   Thanks for the information. The ping is stopped as soon as the tunnel is established to the right IP of the client. I ca

Re: [strongSwan] ssh and http through IPSec

2018-03-05 Thread Sujoy
8 09:58 PM, Jafar Al-Gharaibeh wrote: Hi Sujoy, Can you ping the server's IP address that you want to ssh to? Is that the same IP address where the tunnel terminates: the "right" address on the client side? --Jafar On 3/5/2018 12:31 AM, Sujoy wrote: Hi Christopher, Thanks

Re: [strongSwan] ssh and http through IPSec

2018-03-04 Thread Sujoy
. Tried with the following but it doesn't work. https://wiki.strongswan.org/issues/2351 https://serverfault.com/questions/601143/ssh-not-working-over-ipsec-tunnel-strongswan Thanks Sujoy On Monday 05 March 2018 11:46 AM, Christopher Bachner wrote: Hi Sujoy, Do you route all traffic through

[strongSwan] ssh and http through IPSec

2018-03-04 Thread Sujoy
Hi Jafar, I have successfully established a connection with tunneling between OpenWRT client and CentOS as StrongSwan server. Now I am facing one issue. How to enable ssh and http through IPSec tunnel in StrongSwan. Thanks Sujoy On Friday 23 February 2018 09:05 PM, Jafar Al-Gharaibeh wrote

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-08 Thread Sujoy
ruary 2018 11:21 AM, Sujoy wrote: Thanks Jafar, for the update. But after setting up without subnet and "type=tunnel or transport" it shows the same error "failed to establish CHILD_SA, keeping IKE_SA". What should be the issue? Thanks On Friday 09 February 2018 01:53 AM, Jafar A

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-08 Thread Sujoy
Thanks Jafar, for the update. But after setting up without subnet and "type=tunnel or transport" it shows the same error "failed to establish CHILD_SA, keeping IKE_SA". What should be the issue? Thanks On Friday 09 February 2018 01:53 AM, Jafar Al-Gharaibeh wrote: Sujoy, Ju

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-07 Thread Sujoy
[3]: IKEv2 SPIs: c1a42433ade9fa28_i a52cfea6d767c397_r*, pre-shared key reauthentication in 24 minutes   tunnel[3]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 Thanks On Wednesday 07 February 2018 09:06 PM, Jafar Al-Gharaibeh wrote: On 2/7/2018 9:22 AM, Sujoy wrote

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-07 Thread Sujoy
: 175dcf9cdcf11b38_i* 9cc05896738a5e45_r, pre-shared key reauthentication in 32 minutes   tunnel[1]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 Thanks On Wednesday 07 February 2018 08:31 PM, Jafar Al-Gharaibeh wrote: Sujoy,   Are you sure about    rightsubnet=192.168.1

[strongSwan] Tunneling failed with AES_CBC_256 algorithm

2018-01-30 Thread Sujoy
] to 192.168.10.1[4500] (76 bytes) parsed INFORMATIONAL response 4 [ D ] establishing connection 'tunnel' failed root@Device_BD2009:~# Thanks & Regards Sujoy On Tuesday 16 January 2018 11:23 PM, Noel Kuntze wrote: Hi, Check the logs of the remote side. It means the remote peer did not like the prop

Re: [strongSwan] OpenWRT. IPSec server

2018-01-10 Thread Sujoy
   keyingtries=0     ikelifetime=1h     lifetime=8h     dpddelay=30     dpdtimeout=1h     dpdaction=restart     authby=psk     auto=start Thanks Sujoy On Thursday 04 January 2018 03:38 AM, Noel Kuntze wrote: Hi, Only on the responder. If you use dpd and enforce UD

[strongSwan] OpenWRT. IPSec server

2017-12-28 Thread Sujoy
suggest any solution for this. -- Thanks & Regards Sujoy