I fixed it by adding route on both sides.thanks for your help!
Sent from Mobile
> On 2014年12月8日, at 16:34, Noel Kuntze wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hello Eric,
>
> Please post the output of "stables-save" of the gateway and client.
> It is much more easily
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Eric,
Please post the output of "stables-save" of the gateway and client.
It is much more easily readable than the output of "iptables -Ln" and
includes all tables.
Mit freundlichen Grüßen/Regards,
Noel Kuntze
Fingerprint: 23CA BB60 2146 05E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Eric,
You need to change the rule on the side that has that rule.
Mit freundlichen Grüßen/Regards,
Noel Kuntze
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 08.12.2014 um 00:24 schrieb Eric Zhang:
> This iptables rule sh
on client:
netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
0.0.0.0 192.168.88.10.0.0.0 UG0 0 0
wlan0
192.168.87.0192.168.89.1255.255.255.255 UGH 0 0 0
br-lan
192.168.88.0
This iptables rule should me on both sides of strongswan gateway and client?
Sent from Mobile
> On 2014年12月8日, at 02:18, Noel Kuntze wrote:
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hello Eric,
>
> Please check if any iptables rules are dropping the packets. Also, please
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Eric,
Please check if any iptables rules are dropping the packets. Also, please make
sure any SNAT
or MASQUERADE rule does not match the traffic that is to be tunneled.
You can do that using the "policy" match module in iptables.
The follow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Eric,
Please check if any iptables rules are dropping the packets. Also, please make
sure any SNAT
or MASQUERADE rule does not match the traffic that is to be tunneled.
You can do that using the "policy" match module in iptables.
The follow
Hi all
I need to setup an IPSec tunnel to my VPS which only has one public IP.
so I add eth0.1 192.168.87.1/24, and follow the steps on
http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/; and I can see
ipsec tunnel is up on both sides.
unabove[7]: ESTABLISHED 39 minutes ago,
192.168.88