On 24 September 2013 16:35, Hugo Osvaldo Barrera <h...@osvaldobarrera.com.ar> wrote:
> On 2013-09-24 09:44, James Griffin wrote:
>> * Hugo Osvaldo Barrera <h...@osvaldobarrera.com.ar> [2013-09-24 03:53:46 -0300]:
>>
>> > Hi,
>> >
>> > I've been experimenting a bit with IPSec and creating a VPN using it. I've
>> > been successful, but have encountered an odd issue.
>> >
>> > I've two hosts, linking two networks:
>> >
>> > Host A's /etc/iked.conf:
>> > ikev2 active esp from 172.16.0.0/16 to 172.17.0.0/16 \
>> >     peer 174.136.104.18 psk "a-test-key"
>> >
>> > Host B's /etc/iked.conf:
>> > ikev2 esp from 172.17.0.0/16 to 172.16.0.0/16 \
>> >     peer 190.210.108.249 psk "a-test-key"
>> >
>> > (Of course those are not the real keys).
>> >
>> > I can ssh 172.17.0.1 from the 172.16.0.0 network fine and vice versa.
>> >
>> > So far so good.
>> >
>> > BUT I can't establish any TCP connection from Host A to Host B's public
>> > IP address and vice versa.
>>
>> So you can connect using internal addresses but not using public addresses.
>> Just a thought, but have you opened the necessary ports on your router? What
>> is your setup like?
>>
>> [ ... ]
>>
>
> They're both connected directly to the internet with no router in front
> of them. With the tunnel disabled, everything works fine between both.
>
> --
> Hugo Osvaldo Barrera
Could you please tcpdump on the enc and real interfaces on host A and see whether your traffic (ssh, ping, traceroute) is sent encrypted or not, and on which interface? And what does host B receive?
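A capture-and-classify script for Host A that does what the reply asks, added here as an illustration and not part of the thread or of iked. It assumes OpenBSD tcpdump output, enc0 as the IPsec interface, and a physical interface named em0 (hypothetical; override with EXT_IF). The sample tcpdump lines at the bottom are constructed for the test run, not taken from a real capture.

```shell
#!/bin/sh
# Added example, not from the thread. Run on Host A (190.210.108.249) to
# answer the reply's question: does traffic to the peer leave on the real
# interface as ESP, or in cleartext, and what shows up on enc0?
#
# Assumptions: OpenBSD tcpdump; enc0 is the IPsec interface; the physical
# interface is em0 (hypothetical, override with EXT_IF=xxx).

PEER=174.136.104.18            # Host B's public address, from the posted iked.conf
EXT_IF="${EXT_IF:-em0}"        # assumption: Host A's real (wire) interface

# Wire-side filter: everything exchanged with the peer, so that cleartext
# packets are visible alongside ESP and IKE instead of being filtered away.
ext_filter() {
    printf '%s\n' "host $PEER"
}

# enc0 filter: the tunnelled networks, i.e. packets before encryption
# (outbound) and after decryption (inbound).
enc_filter() {
    printf '%s\n' "net 172.16.0.0/16 and net 172.17.0.0/16"
}

# Classify one tcpdump output line. Prints exactly one word:
#   ike    - IKE negotiation (isakmp decode, or UDP 500/4500; note that
#            4500 also carries NAT-T encapsulated ESP)
#   esp    - an ESP packet on the wire, i.e. the payload was encrypted
#   tunnel - a packet seen on enc0 (OpenBSD tags these with an SPI)
#   clear  - anything else: it reached the wire unprotected
classify() {
    case "$1" in
        *isakmp*|*".500 > "*|*".4500 > "*)        echo ike ;;
        *" esp "*|*"ESP("*)                       echo esp ;;
        *"SPI 0x"*|*"(authentic,confidential)"*)  echo tunnel ;;
        *)                                        echo clear ;;
    esac
}

# Count classes over a capture read from stdin; prints one summary line.
# A non-zero "clear" count on the wire interface is the interesting finding.
summarize() {
    ike=0; esp=0; tunnel=0; clear=0
    while IFS= read -r line; do
        case "$(classify "$line")" in
            ike)    ike=$((ike + 1)) ;;
            esp)    esp=$((esp + 1)) ;;
            tunnel) tunnel=$((tunnel + 1)) ;;
            clear)  clear=$((clear + 1)) ;;
        esac
    done
    echo "ike=$ike esp=$esp tunnel=$tunnel clear=$clear"
}

# Live capture (needs root). -n: no DNS, -l: line-buffered, -c: stop after
# 20 packets per interface so the script terminates.
capture() {
    echo "== $EXT_IF (wire) =="
    tcpdump -n -l -i "$EXT_IF" -c 20 "$(ext_filter)" | tee /tmp/wire.txt
    echo "== enc0 (tunnel) =="
    tcpdump -n -l -i enc0 -c 20 "$(enc_filter)" | tee /tmp/enc.txt
    echo "wire: $(summarize < /tmp/wire.txt)"
    echo "enc0: $(summarize < /tmp/enc.txt)"
}

# Constructed sample of wire-side output (not a real capture): one IKE
# packet, one ESP packet, and one cleartext SSH SYN to the peer's public IP.
SAMPLE_WIRE='12:00:00.000001 190.210.108.249.500 > 174.136.104.18.500: isakmp v2.0 exchange IKE_SA_INIT
12:00:00.000002 esp 190.210.108.249 > 174.136.104.18 spi 0x0a1b2c3d seq 1 len 100
12:00:00.000003 190.210.108.249.41234 > 174.136.104.18.22: S 1:1(0) win 16384'

if [ "${1:-}" = "--capture" ]; then
    capture
else
    printf '%s\n' "$SAMPLE_WIRE" | summarize   # ike=1 esp=1 tunnel=0 clear=1
fi
```

Run it as root with `--capture` on Host A while the failing TCP connection to Host B's public address is attempted. A non-zero `clear` count on the wire interface means those packets bypassed the tunnel entirely; if they are also absent from enc0, that confirms it. The same script with PEER and the two networks swapped shows what Host B receives. `ipsecctl -sa` on either host lists the flows and SAs iked installed, which tells you whether the public addresses are covered by any flow at all.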