Hi, I have an Asus RT-N16 on which I have installed Firmware Version OpenWrt Designated Driver 50049 / LuCI Master (git-17.307.46607-de911fd) with Kernel Version 4.1.35. I have set up the local subnet of 10.10.30.0/24 with my gateway being 10.10.30.18, and traffic to the internet works like it should. I have set up strongSwan on this unit and have the VPN up and connected back to a Palo Alto 3020 unit. No errors on the PA3020 on this VPN. The link comes up quickly, but I cannot ping or access any sites/shares on the PA3020 side of things.
My ipsec.conf config ---
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev1

conn MainCampus
    auto=start
    closeaction=restart
    type=tunnel
    aggressive=no
    ike=aes256-sha1-modp1024,3des-sha1-modp1024
    esp=aes256-sha1,3des-sha1
    mark_in=42
    mark_out=42
    left=publicipa
    leftsubnet=10.10.30.0/24
    leftid=publicipa
    leftauth=psk
    leftfirewall=yes
    right=publicipb
    rightsubnet=10.10.0.0/24
    rightid=publicipb
    rightauth=psk
    rightfirewall=yes
I added these:
ip tunnel add vti0 local publicipa remote publicipb mode vti key 42
ip link set vti0 up
ip route add 10.10.0.0/24 dev vti0
ip rule add from 10.10.30.0/24 table 1000
ip route add 10.10.0.0/24 dev vti0 table 1000
When you enter ip route show table 1000 you get:
10.10.0.0/24 dev vti0 scope link
I created a tunnel interface called VTI0 and assigned it to vti0 (not bridged); the interface shows up with a connect time but no data being passed, and it also has a MAC address.
I created a firewall interface called vti0 as well; it forwards to lan and wan, input, output and forward are all set to accept, and MSS clamping is enabled.
I can't ping from either side, but I see the tunnel up and it stays up. So half the battle is done! Any ideas or hints on where I can look next? I have never set up a VPN on OpenWrt with strongSwan before, so bear with me if I made a mistake along the way.
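One way to narrow this down, as an added example that is not part of the original post: a short Python script that parses the ipsec.conf conn and the ip commands above and reports the static mismatches that commonly leave a VTI tunnel established but carrying no traffic (mark/key disagreement, a missing route or policy rule for the negotiated subnets). The inputs are constructed from the values in the post (publicipa/publicipb are the poster's placeholders); the function and variable names, and the two extra checks it adds (an address on the VTI device, and the disable_policy sysctl that strongSwan's route-based VPN notes recommend for VTI interfaces), are this example's assumptions rather than anything stated in the post.

```python
"""Static consistency check for a strongSwan route-based (VTI) setup.

Added example, not code from the original post or from strongSwan: it parses
an ipsec.conf conn section plus the `ip`/`sysctl` commands used to build the
VTI interface, and reports mismatches that often leave a tunnel 'up' but idle.
All inputs are constructed from the values in the post above.
"""
import re

# Constructed input: the ipsec.conf shown in the post.
IPSEC_CONF = """\
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev1

conn MainCampus
    auto=start
    closeaction=restart
    type=tunnel
    aggressive=no
    ike=aes256-sha1-modp1024,3des-sha1-modp1024
    esp=aes256-sha1,3des-sha1
    mark_in=42
    mark_out=42
    left=publicipa
    leftsubnet=10.10.30.0/24
    leftid=publicipa
    leftauth=psk
    leftfirewall=yes
    right=publicipb
    rightsubnet=10.10.0.0/24
    rightid=publicipb
    rightauth=psk
    rightfirewall=yes
"""

# Constructed input: the ip commands from the post.
IP_COMMANDS = [
    "ip tunnel add vti0 local publicipa remote publicipb mode vti key 42",
    "ip link set vti0 up",
    "ip route add 10.10.0.0/24 dev vti0",
    "ip rule add from 10.10.30.0/24 table 1000",
    "ip route add 10.10.0.0/24 dev vti0 table 1000",
]


def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}}; 'conn %default' is merged into every conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():  # unindented line = section header
            current = line.strip()
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    default = sections.get("conn %default", {})
    return {name[5:]: {**default, **opts} for name, opts in sections.items()
            if name.startswith("conn ") and name != "conn %default"}


def parse_ip_commands(cmds):
    """Extract the VTI device, its key, routes, source rules, addresses and sysctls."""
    vti = {"dev": None, "key": None, "routes": [], "rules": [], "addrs": [], "sysctls": []}
    for cmd in cmds:
        if m := re.match(r"ip tunnel add (\S+) .*mode vti key (\d+)", cmd):
            vti["dev"], vti["key"] = m.group(1), int(m.group(2))
        elif m := re.match(r"ip route add (\S+) dev (\S+)(?: table (\S+))?", cmd):
            vti["routes"].append((m.group(1), m.group(2), m.group(3) or "main"))
        elif m := re.match(r"ip rule add from (\S+) table (\S+)", cmd):
            vti["rules"].append((m.group(1), m.group(2)))
        elif m := re.match(r"ip addr add (\S+) dev (\S+)", cmd):
            vti["addrs"].append((m.group(1), m.group(2)))
        elif m := re.match(r"sysctl -w (\S+)=(\S+)", cmd):
            vti["sysctls"].append((m.group(1), m.group(2)))
    return vti


def check_vti(conn, vti):
    """Return a list of findings; an empty list means the static pieces agree."""
    findings = []
    mark_in, mark_out = conn.get("mark_in"), conn.get("mark_out")
    # The SAs are selected by mark; the VTI key must equal both marks.
    if mark_in is None or mark_out is None:
        findings.append("mark_in/mark_out missing: VTI needs marked SAs")
    elif mark_in != mark_out or int(mark_in) != vti["key"]:
        findings.append(f"mark_in={mark_in} mark_out={mark_out} do not match VTI key {vti['key']}")
    # Traffic for the remote subnet must be routed into the VTI device.
    remote = conn.get("rightsubnet")
    if not any(dst == remote and dev == vti["dev"] for dst, dev, _ in vti["routes"]):
        findings.append(f"no route for rightsubnet {remote} via {vti['dev']}")
    # The policy rule must select the local subnet the SA was negotiated for.
    local = conn.get("leftsubnet")
    if not any(src == local for src, _ in vti["rules"]):
        findings.append(f"no ip rule selecting traffic from leftsubnet {local}")
    # Router-originated pings take a source address from the egress interface;
    # with no address on the VTI the kernel may pick one outside leftsubnet,
    # which never matches the IPsec policy. Test with ping -I <lan address>.
    if not any(dev == vti["dev"] for _, dev in vti["addrs"]):
        findings.append(f"{vti['dev']} has no address: pings from the router itself "
                        f"need an explicit source inside {local}")
    # Assumption: strongSwan's route-based VPN notes recommend disabling the
    # policy check on the VTI device so decrypted packets are not dropped.
    if (f"net.ipv4.conf.{vti['dev']}.disable_policy", "1") not in vti["sysctls"]:
        findings.append(f"net.ipv4.conf.{vti['dev']}.disable_policy=1 not set")
    return findings


def run_check(conf_text=IPSEC_CONF, cmds=IP_COMMANDS, conn_name="MainCampus"):
    conn = parse_ipsec_conf(conf_text)[conn_name]
    return check_vti(conn, parse_ip_commands(cmds))


if __name__ == "__main__":
    for finding in run_check() or ["no static mismatches found"]:
        print("-", finding)
```

Run it against the real ipsec.conf and the exact commands used on the router; on the values in the post it reports only the two extra checks (no address on vti0, disable_policy not set), which is where I would look next, followed by ip xfrm policy and ip -s link show vti0 on the box to confirm whether packets are entering the interface at all.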