The problem with the CentOS one seems to be that packets are not tunneled.
Here is the output from tshark.
88 6.655929830 67.22.27.75 → 10.202.121.120 ESP 146 ESP (SPI=0xc542d5c5)
89 6.655929830 192.168.3.1 → 8.8.4.4 DNS 71 Standard query 0x26a6 A dealsea.com
On the working instance of raspbian, the tshark output looks like:
45 3.318470851 104.38.166.37 → 10.111.58.102 ESP 146 ESP (SPI=0xc7ca8886)
46 3.318470851 10.202.122.1 → 8.8.4.4 DNS 67 Standard query 0x10af A psu.edu
47 3.318656688 10.111.58.102 → 8.8.4.4 DNS 67 Standard query 0x10af A psu.edu
The two machines use the same configuration files:
ipsec.conf
config setup
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=@MYHOSTNAME
    leftcert=/etc/strongswan/ipsec.d/certs/vpn-server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.202.122.1/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
strongswan.conf
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf
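Added here as an illustration, not part of the post above: a small Python check that reads the two tshark summaries quoted in the post and reports, for each inbound ESP frame, whether the decapsulated inner packet's source falls inside the rightsourceip pool from ipsec.conf and whether a copy of that packet later leaves from the server's own address (the forward/NAT hop visible in the Raspbian trace). The pairing of an ESP frame with the inner packet sharing its timestamp is an assumption taken from the shape of the quoted output, and the sample traces are constructed copies of it.

```python
import ipaddress
import re

# Constructed copies of the two tshark traces quoted in the post.
CENTOS_TRACE = """
88 6.655929830 67.22.27.75 → 10.202.121.120 ESP 146 ESP (SPI=0xc542d5c5)
89 6.655929830 192.168.3.1 → 8.8.4.4 DNS 71 Standard query 0x26a6 A dealsea.com
"""
RASPBIAN_TRACE = """
45 3.318470851 104.38.166.37 → 10.111.58.102 ESP 146 ESP (SPI=0xc7ca8886)
46 3.318470851 10.202.122.1 → 8.8.4.4 DNS 67 Standard query 0x10af A psu.edu
47 3.318656688 10.111.58.102 → 8.8.4.4 DNS 67 Standard query 0x10af A psu.edu
"""

# tshark one-line summary: frame time src → dst proto length info
LINE_RE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+→\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")

def parse_tshark(text):
    """Parse tshark summary lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append({"frame": int(m[1]), "time": m[2], "src": m[3], "dst": m[4],
                         "proto": m[5], "len": int(m[6]), "info": m[7]})
    return rows

def check_tunnel(text, pool="10.202.122.1/24"):
    """For each inbound ESP frame, locate the decapsulated inner packet (assumed to
    share the ESP frame's timestamp) and report whether its source is in the
    rightsourceip pool and whether a forwarded copy leaves from the ESP dst."""
    net = ipaddress.ip_network(pool, strict=False)
    rows = parse_tshark(text)
    findings = []
    for i, esp in enumerate(rows):
        if esp["proto"] != "ESP":
            continue
        inner = next((r for r in rows[i + 1:] if r["proto"] != "ESP" and r["time"] == esp["time"]), None)
        if inner is None:
            findings.append({"frame": esp["frame"], "decapsulated": False})
            continue
        src_in_pool = ipaddress.ip_address(inner["src"]) in net
        forwarded = any(r["src"] == esp["dst"] and r["info"] == inner["info"]
                        for r in rows[i + 1:] if r is not inner)
        findings.append({"frame": esp["frame"], "decapsulated": True,
                         "inner_src": inner["src"], "src_in_pool": src_in_pool,
                         "forwarded": forwarded})
    return findings
```

Run over the two constructed traces, the CentOS one yields an inner source outside the pool with no forwarded copy, while the Raspbian one yields a pool address and a forwarded copy.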