I am trying to build a site-to-site IPSec VPN based on Ubuntu 20.04.1 and StrongSwan. My goal is to interconnect the two sites without using NAT on the gateways.
In my lab I have:
I could get IPSec working. From the Ubuntu on the left site I can ping 172.16.1.254 (the internal Site B gateway IP address). However, if I try to ping a machine on Site B other than the 172.16.1.254 address, it fails.
Following some tutorials I have:
- enabled routing in /etc/sysctl.conf by including net.ipv4.ip_forward = 1, then run sysctl -p.
- added the IPSec service to the public zone with firewall-cmd --permanent --zone=public --add-service=ipsec and firewall-cmd --reload.
- in both sites, bound the internal interface to the "trusted" native zone and the external interface to the "public" native zone.
What am I missing? Can someone help me?
Asked by Moacir Ferreira
(11 rep)
Jan 16, 2023, 05:28 PM
Last activity: Jan 17, 2023, 10:21 AM
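The three settings listed in the question (kernel forwarding, the ipsec service in firewalld's public zone, and the interface-to-zone bindings) are easy to misread by eye, so here is a small sanity script that checks them on a gateway. This is an added example, not code from the original post or from StrongSwan or firewalld. Each check is a function that takes command output as text, so it can be exercised offline against constructed sample output; the interface names eth0 (external) and eth1 (internal) and the sample zone listing are assumptions, and the sysctl and firewall-cmd invocations are the ones named in the question.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the three settings
# the question describes on a StrongSwan/firewalld gateway. The checks take
# command output as text so they can run offline on constructed samples;
# pass --live [ext_if] [int_if] to feed them real sysctl/firewall-cmd output.

# 1. Kernel forwarding: expects the value printed by
#    `sysctl -n net.ipv4.ip_forward`.
forwarding_enabled() {
    [ "$1" = "1" ]
}

# 2. firewalld service: expects the space-separated output of
#    `firewall-cmd --zone=public --list-services` and the service to look for.
zone_has_service() {
    services=$1; wanted=$2
    case " $services " in
        *" $wanted "*) return 0 ;;
        *) return 1 ;;
    esac
}

# 3. Interface-to-zone binding: expects the output of
#    `firewall-cmd --get-active-zones` (zone name on its own line, followed by
#    indented "interfaces: ..." / "sources: ..." lines) and prints the zone
#    that holds the given interface, or nothing if it is bound to no zone.
zone_of_interface() {
    zones=$1; iface=$2
    printf '%s\n' "$zones" | awk -v ifc="$iface" '
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++) if ($i == ifc) { print zone; exit }
            next
        }
        $1 ~ /:$/ { next }      # skip "sources:" and similar key lines
        NF { zone = $1 }        # any other non-empty line names a zone
    '
}

# Constructed sample of `firewall-cmd --get-active-zones` output (assumed
# interface names): external eth0 in public, internal eth1 in trusted.
SAMPLE_ZONES='public
  interfaces: eth0
trusted
  interfaces: eth1'

# Runs all three checks; prints what is wrong and returns non-zero on failure.
# Arguments: ip_forward value, public-zone services, active-zone listing,
# external interface, internal interface.
run_checks() {
    fwd=$1; pub_services=$2; zones=$3; ext_if=$4; int_if=$5
    rc=0
    forwarding_enabled "$fwd" || { echo "net.ipv4.ip_forward is not 1"; rc=1; }
    zone_has_service "$pub_services" ipsec || { echo "ipsec service missing from public zone"; rc=1; }
    [ "$(zone_of_interface "$zones" "$ext_if")" = public ]  || { echo "$ext_if is not in zone public"; rc=1; }
    [ "$(zone_of_interface "$zones" "$int_if")" = trusted ] || { echo "$int_if is not in zone trusted"; rc=1; }
    return $rc
}

if [ "$1" = "--live" ]; then
    run_checks "$(sysctl -n net.ipv4.ip_forward)" \
               "$(firewall-cmd --zone=public --list-services)" \
               "$(firewall-cmd --get-active-zones)" \
               "${2:-eth0}" "${3:-eth1}"
else
    # Offline demonstration on the constructed sample.
    run_checks 1 "ssh dhcpv6-client ipsec" "$SAMPLE_ZONES" eth0 eth1 \
        && echo "sample configuration passes all checks"
fi
```

On a real gateway run it as `sh check.sh --live ens18 ens19` (substituting the actual interface names); a passing result only confirms that the settings the question lists are in place as described, it does not by itself prove that the traffic selectors or forwarding rules for the remote subnet are correct.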