Hello Noel,
Please see below as requested and advise. Thank you in advance
On Fri, Apr 12, 2019 at 10:47 AM MOSES KARIUKI wrote:
> Thanks Noel as always.
>
> # Generated by iptables-save v1.6.1 on Fri Apr 12 06:50:35 2019
> *mangle
> :PREROUTING ACCEPT [97346:21879529]
> :INPUT ACCEPT
Thanks Tobias as always.
# Generated by iptables-save v1.6.1 on Fri Apr 12 06:50:35 2019
*mangle
:PREROUTING ACCEPT [97346:21879529]
:INPUT ACCEPT [97344:21878509]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [91143:10601255]
:POSTROUTING ACCEPT [91143:10601255]
-A FORWARD -s 10.28.2.0/24 -o ens4 -p tcp
Hi,
Provide your nat rules in iptables/nftables (whatever you're using) or provide
the complete rule set, as shown with `iptables-save`.
Am 11.04.19 um 09:04 schrieb MOSES KARIUKI:
> Hello Noel, Team,
>
> Any kind souls out there?
> Please assist with the below question.
>
>
> On Mon, Apr 8,
Hello Noel, Team,
Any kind souls out there?
Please assist with the below question.
On Mon, Apr 8, 2019 at 3:22 PM MOSES KARIUKI wrote:
> Thanks a lot Noel. The connection is up and stable. Very helpful.
> One more thing, the remote client is able to ping my private IP, but i am
> unable to
Thanks a lot Noel. The connection is up and stable. Very helpful.
One more thing, the remote client is able to ping my private IP, but i am
unable to ping his private IP address. I have checked and my routes seem
OK. What do you suggest?
Below is my status:
*sudo ipsec statusall*
Status of IKE
Thanks a lot Noel. The connection is up and stable. Very helpful.
One more thing, the remote client is able to ping my private IP, but i am
unable to ping his private IP address. I have checked and my routes seem
OK. What do you suggest?
Kind regards,
Moses K
On Thu, Apr 4, 2019 at 9:50 PM Noel
Hi,
You configured "rightsourceip=10.10.10.0/24" but that's supposed to be a
site-to-site connection. Use rightsubnet instead.
rightsourceip is for assigning and requesting virtual IPs. The best way for you
would be to migrate to swanctl instead.
Its configuration format is a lot clearer.
Kind
Dear Tobias,
:) :)
I read the message. But I can't really interpret what setting is needed to
make it work. I have listed my current configuration. I am still finding my
way with Linux networking and Strongswan.
Please assist. I will really appreciate and also offer assist others.
regards,
Hi Moses,
> Apr 1 20:57:58 klick-001 charon: 11[IKE] expected a virtual IP
> request, sending FAILED_CP_REQUIRED
I guess reading is hard. Or is that message (that you explicitly marked
in your email) really that unclear?
Regards,
Tobias
Dear Team,
After further troubleshooting, and changing the config as below :
conn televida
auto=route
compress=no
type=tunnel
reauth=no
mobike=no
keyexchange=ikev2
* lifetime=86400s*
fragmentation=yes
forceencaps=yes
dpdaction=clear
dpddelay=300s
*
Any kind souls out there in this?
On Sun, Mar 31, 2019 at 3:32 PM MOSES KARIUKI wrote:
> Dear Team,
>
> I have not yet succeeded in establishing a connection to the remote
> Fortigate client. The remote client has internal IPs in the range
> I have the following configuration :
> *sudo route
Dear Team,
I have not yet succeeded in establishing a connection to the remote
Fortigate client. The remote client has internal IPs in the range
I have the following configuration :
*sudo route -n*
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
12 matches
Mail list logo