XG to Ubuntu 20.04 Site-to-Site IPSEC won't connect

Hello all,

I'm running an XG at my home and have an Ubuntu 20.04 host in a datacenter running strongswan ipsec.  We are unable to make a basic IPSEC site-to-site connection.  I have a server inside my home also running Ubuntu, and we can make the connection that way using port forwarding and basic firewall rules.  We would like to connect my XG to my Ubuntu server instead. I know that the XG is running strongswan too, as that is the de facto IPSEC deployment method for Linux.

Questions:

  • Is this possible?
  • Where are the IPSEC logs?
  • Which encryption methods are used in the XG IPSEC configuration?

I drew a crude document diagram of what we are trying to achieve if it is needed.

Jeff



Edited TAGs
[edited by: emmosophos at 7:17 PM (GMT -8) on 22 Feb 2021]

Top Replies

  • Hi ,

    Thank you for reaching out to the Community! 

    As long as you configure matching IPsec policy and connection detail, it’ll work.

    Sophos XG uses the following files, located in /log…

  • Hello Harsh,

    Thank you for responding.  I'm not doing these rules correctly or something else is wrong. Per the drawing I posted originally, here is the breakdown of my networks:

    • Ubuntu LAN: 10.8.0.0/24
    • Ubuntu VMNet:  192.168.10.0/24
    • XG LAN: 10.71.1.0/24
    • XG VMNet: 192.168.122.0/24

    I have created network objects that define these under Hosts and Services.  My current rules are basic LAN to VPN and VPN to LAN using zones. I have tried using Any for the remote network and the defined objects for the networks, but neither is working correctly.

    So far only my XG LAN can ping out to the Ubuntu VMNet.

    Jeff
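
Added example, not part of the thread or of Sophos/strongSwan code: a small check, run from the Ubuntu side, of which of the four subnet pairs listed above are covered by an installed IPsec SA. The status text is a constructed sample in the `local === remote` layout of strongSwan's `ipsec statusall`; the connection name `xg-s2s` and the single installed pair (chosen to mirror the "only XG LAN reaches Ubuntu VMNet" symptom) are assumptions.

```python
import ipaddress
import re
from itertools import product

# Networks exactly as listed in the post above.
UBUNTU_NETS = ["10.8.0.0/24", "192.168.10.0/24"]
XG_NETS = ["10.71.1.0/24", "192.168.122.0/24"]

# Constructed sample (not real output); conn name and SPIs are made up.
SAMPLE_STATUS = """\
xg-s2s{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0ffee01_i c0ffee02_o
xg-s2s{1}:   192.168.10.0/24 === 10.71.1.0/24
"""

# Matches only the traffic-selector line: "<conn>{N}:  nets === nets"
SELECTOR_LINE = re.compile(r"^\S+\{\d+\}:\s+([\d./ ]+?)\s+===\s+([\d./ ]+?)\s*$")

def installed_selectors(status_text):
    """Return (local_net, remote_net) pairs from traffic-selector lines."""
    pairs = []
    for line in status_text.splitlines():
        m = SELECTOR_LINE.match(line)
        if not m:
            continue
        local_side = [ipaddress.ip_network(n) for n in m.group(1).split()]
        remote_side = [ipaddress.ip_network(n) for n in m.group(2).split()]
        # One SA with several selectors covers every local/remote combination.
        pairs.extend(product(local_side, remote_side))
    return pairs

def missing_pairs(status_text, local_nets=UBUNTU_NETS, remote_nets=XG_NETS):
    """List required subnet pairs that no installed selector covers."""
    installed = installed_selectors(status_text)
    missing = []
    for loc, rem in product(local_nets, remote_nets):
        ln, rn = ipaddress.ip_network(loc), ipaddress.ip_network(rem)
        if not any(ln.subnet_of(il) and rn.subnet_of(ir) for il, ir in installed):
            missing.append((loc, rem))
    return missing

if __name__ == "__main__":
    for local, remote in missing_pairs(SAMPLE_STATUS):
        print(f"no SA covers {local} <-> {remote}")
```

A pair reported as missing points at the IPsec connection's local/remote subnet definitions on both peers; a pair that is covered but still cannot pass traffic points at the firewall rules instead.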
