Tica wrote:
> Just replace:
> 1.1.1.1 = External IP - left
> 2.2.2.2 = External IP - right
> 192.168.0.0/24 = Internal IP - left
> 10.1.1.0/24 = Internal IP - right
>
> left=1.1.1.1
> leftid=1.1.1.1
> leftsubnet=192.168.0.0/24
> leftfirewall=yes
> lefthostaccess=yes
>
> I can't ping from one network to another... Please help!!

Hi Tica,

please try two things:

- Ping from one machine inside the 192.168.0.0/24 subnet to one machine inside the 10.1.1.0/24 subnet.
- Try leftsourceip=192.168.0.something

If you ping from the VPN gateway 1.1.1.1 to 10.1.1.0/24 it won't work because the gateway uses 1.1.1.1 as the source IP address for its pings. And those packets won't travel through the tunnel.

The tunnel uses 192.168.0.0/24 <=> 10.1.1.0/24 as the traffic selector. If you ping from 1.1.1.1 to 10.1.1.0/24, then that's not going to work because it doesn't match the traffic selector.

Using leftsourceip causes your gateway to use 192.168.0.xxx as source IP address.

Can you run tcpdump on the 1.1.1.1 interface? Do you see ESP packets traveling across that link?

Daniel
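
The traffic selector check described in the reply above, as an added example that is not part of the original thread and is not strongSwan code. It is a simplified address-only model (real selectors can also carry protocol and ports); the host addresses 192.168.0.10, 192.168.0.1 and 10.1.1.20 are constructed samples.

```python
import ipaddress

# Traffic selector from the thread: 192.168.0.0/24 <=> 10.1.1.0/24
LOCAL_TS = ipaddress.ip_network("192.168.0.0/24")
REMOTE_TS = ipaddress.ip_network("10.1.1.0/24")


def check(src, dst, local_ts=LOCAL_TS, remote_ts=REMOTE_TS):
    """Check an outbound packet src -> dst against the traffic selector.

    Returns (matches, problems): matches is True only when the source is in
    the local subnet AND the destination is in the remote subnet; problems
    lists which side of the selector the packet fails.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    problems = []
    if s not in local_ts:
        problems.append(f"source {s} is outside {local_ts}")
    if d not in remote_ts:
        problems.append(f"destination {d} is outside {remote_ts}")
    return (not problems, problems)


def report(packets):
    """Return one human-readable line per (label, src, dst) sample."""
    lines = []
    for label, src, dst in packets:
        ok, problems = check(src, dst)
        verdict = "matches selector, expect ESP" if ok else "; ".join(problems)
        lines.append(f"{label}: {src} -> {dst}: {verdict}")
    return lines


if __name__ == "__main__":
    # Constructed sample pings (host parts are made up for illustration).
    samples = [
        ("ping from gateway, default source", "1.1.1.1", "10.1.1.20"),
        ("ping from LAN host", "192.168.0.10", "10.1.1.20"),
        # Assumed value standing in for leftsourceip=192.168.0.something
        ("ping from gateway with leftsourceip", "192.168.0.1", "10.1.1.20"),
        ("ping to the peer's external IP", "192.168.0.10", "2.2.2.2"),
    ]
    for line in report(samples):
        print(line)
```

Only the packets reported as matching should show up as ESP in the tcpdump capture on the external interface.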