Re: [strongSwan] ipsec to VPS

2014-12-09 Thread Eric Zhang
I fixed it by adding a route on both sides. Thanks for your help! Sent from Mobile > On Dec 8, 2014, at 16:34, Noel Kuntze wrote: > > Hello Eric, > > Please post the output of "iptables-save" of the gateway and client. > It is much more easily

Re: [strongSwan] ipsec to VPS

2014-12-08 Thread Noel Kuntze
Hello Eric, Please post the output of "iptables-save" of the gateway and client. It is much more easily readable than the output of "iptables -Ln" and includes all tables. Kind regards/Regards, Noel Kuntze Fingerprint: 23CA BB60 2146 05E

Re: [strongSwan] ipsec to VPS

2014-12-08 Thread Noel Kuntze
Hello Eric, You need to change the rule on the side that has that rule. Kind regards/Regards, Noel Kuntze Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 On 08.12.2014 at 00:24, Eric Zhang wrote: > This iptables rule sh

Re: [strongSwan] ipsec to VPS

2014-12-07 Thread Eric Y. Zhang
on client: netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.88.1    0.0.0.0         UG        0 0          0 wlan0
192.168.87.0    192.168.89.1    255.255.255.255 UGH       0 0          0 br-lan
192.168.88.0

Re: [strongSwan] ipsec to VPS

2014-12-07 Thread Eric Zhang
This iptables rule should be on both sides of strongswan gateway and client? Sent from Mobile > On Dec 8, 2014, at 02:18, Noel Kuntze wrote: > > Hello Eric, > > Please check if any iptables rules are dropping the packets. Also, please

Re: [strongSwan] ipsec to VPS

2014-12-07 Thread Noel Kuntze
Hello Eric, Please check if any iptables rules are dropping the packets. Also, please make sure any SNAT or MASQUERADE rule does not match the traffic that is to be tunneled. You can do that using the "policy" match module in iptables. The follow

[strongSwan] ipsec to VPS

2014-12-07 Thread Eric Y. Zhang
Hi all, I need to set up an IPSec tunnel to my VPS, which only has one public IP. So I add eth0.1 192.168.87.1/24 and follow the steps on http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/, and I can see the ipsec tunnel is up on both sides. unabove[7]: ESTABLISHED 39 minutes ago, 192.168.88