I'm facing a weird problem: I have configured a site-to-site VPN tunnel on CentOS 8 on the same network. The tunnel is connected, but the two sites are unable to ping each other. My configuration and status are below.
Site A
[root@site-B ~]# strongswan status
Security Associations (1 up, 0 connecting):
2gateway-to-gateway1[4]: ESTABLISHED 6 seconds ago, 100.100.100.6[100.100.100.6]...100.100.100.22[100.100.100.22]
2gateway-to-gateway1{3}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: caeaf7b6_i c214a703_o
2gateway-to-gateway1{3}: 10.20.1.0/24 === 10.10.1.0/24
ip route
[root@site-A ~]# ip r show
default via 100.100.100.1 dev enp0s3 proto dhcp metric 100
10.20.1.0/24 via 100.100.100.22 dev enp0s3
100.100.100.0/24 dev enp0s3 proto kernel scope link src 100.100.100.22 metric 100
# strongSwan connection config as posted for Site A (presumably
# /etc/strongswan/ipsec.conf): one IKEv2 tunnel authenticated with a
# pre-shared key, left=100.100.100.22 towards right=100.100.100.6.
# NOTE(review): "onfig" and the conn name "ateway1-to-gateway2" each look like
# they lost a leading character in the paste (likely "config" and
# "gateway1-to-gateway2") - confirm against the real file.
onfig setup
    # Presumably meant to raise charon log verbosity for troubleshooting;
    # turn it back down afterwards - confirm the value syntax.
    charondebug="all"
    uniqueids=yes

conn ateway1-to-gateway2
    type=tunnel
    # Initiate the tunnel when the daemon starts.
    auto=start
    keyexchange=ikev2
    # PSK authentication; the key is in ipsec.secrets, so tunnel security
    # depends on that secret being long, random and readable by root only.
    authby=secret
    left=100.100.100.22
    # Written with host bits set; the status output on this page reports the
    # negotiated selectors as 10.20.1.0/24 === 10.10.1.0/24.
    leftsubnet=10.10.1.1/24
    right=100.100.100.6
    rightsubnet=10.20.1.1/24
    # NOTE(review): the trailing "!" restricts the proposal to exactly this
    # suite. SHA-1 and modp1024 (DH group 2) are legacy choices; prefer SHA-2
    # and a larger DH group, changed on both peers together.
    ike=aes256-sha1-modp1024!
    # No DH group is listed, so presumably no PFS on CHILD_SA rekey - confirm.
    esp=aes256-sha1!
    # Aggressive mode is an IKEv1 concept; presumably a no-op with ikev2.
    aggressive=no
    # Retry negotiation indefinitely.
    keyingtries=%forever
    # IKE SA lifetime 8 hours, CHILD_SA lifetime 1 hour.
    ikelifetime=28800s
    lifetime=3600s
    # Dead-peer detection: probe after 30s idle, restart the connection when
    # the peer is declared dead. NOTE(review): dpdtimeout is presumably
    # IKEv1-only - confirm.
    dpddelay=30s
    dpdtimeout=120s
    dpdaction=restart
[root@site-A ~]# cat /etc/strongswan/ipsec.secrets
100.100.100.22 100.100.100.6 : PSK “XXXXXXXXXXXX”
[root@site-A ~]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
Site B
[root@site-B ~]# strongswan status
Security Associations (1 up, 0 connecting):
2gateway-to-gateway1[4]: ESTABLISHED 4 minutes ago, 100.100.100.6[100.100.100.6]...100.100.100.22[100.100.100.22]
2gateway-to-gateway1{3}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: caeaf7b6_i c214a703_o
2gateway-to-gateway1{3}: 10.20.1.0/24 === 10.10.1.0/24
IP route
[root@site-B ~]# ip r show
default via 100.100.100.1 dev enp0s3 proto dhcp metric 100
10.20.1.0/24 via 100.100.100.6 dev enp0s3
100.100.100.0/24 dev enp0s3 proto kernel scope link src 100.100.100.6 metric 100
# strongSwan connection config as posted for Site B (presumably
# /etc/strongswan/ipsec.conf): one IKEv2 tunnel authenticated with a
# pre-shared key, left=100.100.100.6 towards right=100.100.100.22.
config setup
    # Presumably meant to raise charon log verbosity for troubleshooting;
    # turn it back down afterwards - confirm the value syntax.
    charondebug="all"
    uniqueids=yes

conn 2gateway-to-gateway1
    type=tunnel
    # Initiate the tunnel when the daemon starts.
    auto=start
    keyexchange=ikev2
    # PSK authentication; the key is in ipsec.secrets, so tunnel security
    # depends on that secret being long, random and readable by root only.
    authby=secret
    left=100.100.100.6
    # Written with host bits set; the status output on this page reports the
    # negotiated selectors as 10.20.1.0/24 === 10.10.1.0/24.
    leftsubnet=10.20.1.1/24
    right=100.100.100.22
    rightsubnet=10.10.1.1/24
    # NOTE(review): the trailing "!" restricts the proposal to exactly this
    # suite. SHA-1 and modp1024 (DH group 2) are legacy choices; prefer SHA-2
    # and a larger DH group, changed on both peers together.
    ike=aes256-sha1-modp1024!
    # No DH group is listed, so presumably no PFS on CHILD_SA rekey - confirm.
    esp=aes256-sha1!
    # Aggressive mode is an IKEv1 concept; presumably a no-op with ikev2.
    aggressive=no
    # Retry negotiation indefinitely.
    keyingtries=%forever
    # IKE SA lifetime 8 hours, CHILD_SA lifetime 1 hour.
    ikelifetime=28800s
    lifetime=3600s
    # Dead-peer detection: probe after 30s idle, restart the connection when
    # the peer is declared dead. NOTE(review): dpdtimeout is presumably
    # IKEv1-only - confirm.
    dpddelay=30s
    dpdtimeout=120s
    dpdaction=restart
[root@site-B ~]# cat /etc/strongswan/ipsec.secrets
100.100.100.6 100.100.100.22 : PSK “XXXXXXXXXXXXX”
[root@site-B ~]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0