Hi, all

I configured 4 VMware hosts. The hosts are Ubuntu 14.04. The gateway moon does not forward ICMP packets.

The network topology is as below.

10.1.0.10 <---->10.1.0.1 (moon) 192.168.0.1<----->192.168.0.2 (sun) 10.2.0.1<---->10.2.0.10

strongSwan is 5.3.0.

On moon
/usr/local/etc/ipsec.conf is as below:

config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.1
    leftsubnet=10.1.0.0/16      ---->0.0.0.0/0
    [email protected]
    leftfirewall=yes
    right=192.168.0.2
    rightsubnet=10.2.0.0/16     ---->0.0.0.0/0
    [email protected]
    auto=add

/usr/local/etc/ipsec.secrets is as below:

: PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx

On sun
/usr/local/etc/ipsec.conf is as below:

config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.2
    leftsubnet=10.2.0.0/16  ----->0.0.0.0/0
    [email protected]
    leftfirewall=yes
    right=192.168.0.1
    rightsubnet=10.1.0.0/16 ----->0.0.0.0/0
    [email protected]
    auto=add


/usr/local/etc/ipsec.secrets is as below:

: PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx

Others remain unchanged.

In the above ipsec.conf file, if I use right/leftsubnet with 0.0.0.0/0, the whole system cannot work well. If I use right/leftsubnet with 10.1 or 2.0.0/16, the whole system can work well.

Does anyone have a similar experience?

Does anyone have an idea?

Any reply is appreciated.

Thanks a lot.
Zhu Yanjun


_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users