On 3 October 2015 at 14:40, Jason Tubnor <ja...@tubnor.net> wrote:
> Hi,
>
> Here is the ipsecctl flows:
>

Sorry, I copied in the flows from the wrong server (testing all different ways trying to get things to work). Here is the ipsecctl to match the iked.conf listed:

# ipsecctl -sa
FLOWS:
flow esp in from 192.168.72.0/24 to 192.168.1.0/24 peer 192.168.232.129 srcid FQDN/hovpn.local dstid FQDN/rovpn.local type use
flow esp out from 192.168.1.0/24 to 192.168.72.0/24 peer 192.168.232.129 srcid FQDN/hovpn.local dstid FQDN/rovpn.local type require
flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 192.168.232.128 to 192.168.232.129 spi 0x1d3ef308 auth hmac-sha2-256 enc aes-256
esp tunnel from 192.168.232.129 to 192.168.232.128 spi 0x22b8b189 auth hmac-sha2-256 enc aes-256
esp tunnel from 192.168.232.128 to 192.168.232.129 spi 0xb8b060e1 auth hmac-sha2-256 enc aes-256
esp tunnel from 192.168.232.129 to 192.168.232.128 spi 0xbda3e596 auth hmac-sha2-256 enc aes-256

Cheers,
Jason