IPSEC VPN problem, tunnel established but no traffic possible

[z3us]

You are right! Weird... maybe it has to do with some minor changes in the ipsec config?

Machine A:
ip route show table main

Code: Select all

10.105.0.0/24 dev eth0  proto kernel  scope link  src 10.105.0.1
185.107.*.0/24 dev eth0  proto kernel  scope link  src 185.107.*.*
10.106.0.0/24 via 185.107.*.3 dev eth0  src 185.107.*.*
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 185.107.*.3 dev eth0

Machine B:
ip route show table main

Code: Select all

10.105.0.0/24 via 185.87.*.3 dev eth0  src 185.87.*.*
185.87.*.0/24 dev eth0  proto kernel  scope link  src 185.87.*.*
10.106.0.0/24 dev eth0  proto kernel  scope link  src 10.106.0.1
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 185.87.*.3 dev eth0

[vtx]

These routing table entries indicate that you still don't have leftsourceid and rightsourceip defined. At least, those are not active yet.

Without source ip within the tunneled networks, you won't be able to ping inside the tunnel from the tunnel gateways. You may want to restart ipsec after you've made those changes.

Code: Select all

service ipsec restart

[z3us]

Damn you are my hero!
With the sourceip's defined it all works like a charm!

I made the mistake of defining the external IP's of my machines.
Now I changed it to the internal addresses it all works!

I'm going to make some notes about this troubleshooting process.
Many thanks mate!

[vtx]

Glad it works now.

Note that if you would have tested it from behind the gateways and not the gateways themselves it would have worked all along. But I was a little put off track at first intance because the routing entry was completely absent.

[z3us]

Glad it works now.

Note that if you would have tested it from behind the gateways and not the gateways themselves it would have worked all along. But I was a little put off track at first intance because the routing entry was completely absent.

I'm very very happy now!
I'm getting this all documented very well.
Also made some back-ups of all configuration files.

Thanks again and have a good weekend!

[z3us]

Is it possible to connect multiple vpn hosts by adding extra machine.conf files into /etc/ipsec.d?

[davis1508]

Is it possible to connect multiple vpn hosts by adding extra machine.conf files into /etc/ipsec.d?

I do not fully understand what do you mean by connecting to different vpn hosts with adding extra machine. As I understand you want to use multiple vpn servers from different devices. Be sure that it’s possible with vpn service that offers multiple simultaneous connections from different devices. Many vpns provide this feature with their standard packages, but others require extra payment for adding devices. What is more, you can install vpn client on your router therefore running vpn in all connecting devices. More detailed info about vpns for routers you can read here https://www.bestvpnrating.com/blog/why- ... ters-handy. Hope that my answer will be helpful.