linux
alovanton, 2016-05-03 22:40:59

Error in ipsec, what could be the problem?

Client <-> server
Check ipsec status

Security Associations (1 up, 0 connecting):
inteltek2[3]: ESTABLISHED 24 seconds ago, 10.8.8.*[148.251.66.**]...213.74.193.76[213.74.193.**]
inteltek2{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: c1d7e589_i 88a72c37_o
inteltek2{1}: 10.8.8.*/32 === 172.29.106.0/24

That is, the connection is established, but it is not possible to ping hosts on network 172.
The connection is established, so authentication by keys succeeds.
In iptables I added 2 rules, for INPUT and OUTPUT, allowing everything. Ports 500 and 4500 are open. What could be the reason?


2 answer(s)
Alexander Karabanov, 2016-05-03
@karabanov

Also, if you are using NAT, then you need to add an exception for IPsec traffic to iptables.

iptables -I POSTROUTING -t nat -d АДРЕС_УДАЛЕННОЙ_ПОДСЕТИ_ЗА_IPSEC -j RETURN
The RETURN action, when matched, stops further processing of the traffic in this chain and moves on to the next one. The nat rules are processed before the traffic enters the IPsec tunnel.
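The rule above works only if the RETURN exception sits ahead of the MASQUERADE/SNAT rule in nat POSTROUTING, which is why the answer uses -I (insert at the top). The following is an added example, not code from the answer's author: it prints the exception command for a given subnet and checks an iptables-save dump (a constructed sample here, not output from the asker's host) to confirm the exception precedes any masquerading rule. The subnet 172.29.106.0/24 is taken from the question's ipsec status; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original answer). Builds the NAT exception for
# the subnet behind the IPsec tunnel and verifies, from iptables-save text,
# that the RETURN rule comes before MASQUERADE/SNAT in nat POSTROUTING.
# Nothing here calls iptables itself, so it can be run anywhere.

# Print the command that inserts the exception at the top of nat/POSTROUTING.
# $1 is the remote subnet reachable through the tunnel.
ipsec_nat_exception_cmd() {
    printf 'iptables -I POSTROUTING -t nat -d %s -j RETURN\n' "$1"
}

# Return 0 if, in the *nat table of iptables-save output ($2), a
# "-A POSTROUTING -d <subnet> ... -j RETURN" rule appears before any
# MASQUERADE or SNAT rule; return 1 otherwise (missing or too late).
check_nat_order() {
    subnet="$1"
    printf '%s\n' "$2" | awk -v net="$subnet" '
        /^\*nat/  { in_nat = 1; next }
        /^COMMIT/ { in_nat = 0; next }
        in_nat && /^-A POSTROUTING/ {
            # exception found before any masquerading rule: good
            if (index($0, "-d " net) && index($0, "-j RETURN")) { ok = 1; exit }
            # masquerading seen first: the tunnel traffic will be NATed
            if (index($0, "-j MASQUERADE") || index($0, "-j SNAT")) { exit }
        }
        END { exit ok ? 0 : 1 }
    '
}

# Constructed sample dumps (not taken from the question).
SAMPLE_GOOD='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -d 172.29.106.0/24 -j RETURN
-A POSTROUTING -s 10.8.8.0/24 -o eth0 -j MASQUERADE
COMMIT'

SAMPLE_BAD='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.8.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -d 172.29.106.0/24 -j RETURN
COMMIT'

# Stand-alone usage: show the command and report both samples.
if [ "${DEMO:-1}" = 1 ]; then
    ipsec_nat_exception_cmd 172.29.106.0/24
    if check_nat_order 172.29.106.0/24 "$SAMPLE_GOOD"; then
        echo "sample 1: exception precedes MASQUERADE (ok)"
    fi
    if ! check_nat_order 172.29.106.0/24 "$SAMPLE_BAD"; then
        echo "sample 2: MASQUERADE comes first, tunnel traffic gets NATed (bad)"
    fi
fi
```

On a real host the check is run against the live ruleset with `iptables-save | check_nat_order ...` adapted to read stdin, or simply `iptables -t nat -L POSTROUTING -n --line-numbers` to eyeball the order; the sample 2 layout is exactly what happens when the exception is appended with -A instead of inserted with -I.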

Karmashkin, 2016-05-03
@Karmashkin

And is the route on the router from network 172 to network 10 configured?
