LinuxQuestions.org

tusharsharma43 12-01-2011 06:12 AM

Unable to ping local subnet behind peer in IPSEC
 
Hello All,

I am setting up an IPsec tunnel between two peers using racoon.
My setup:

pc(subnet)-------------pc:1---------------------pc:2-----------------subnet(pc)
192.168.3.0/24         192.168.101.111          192.168.101.113      192.168.2.0/24

My configuration on pc:1
###############################################################
path pre_shared_key "/etc/psk.txt";
remote 192.168.101.113 {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}
sainfo address 192.168.3.0/24 any address 192.168.2.0/24 any {
    pfs_group modp768;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

###############################################################

Configuration on pc:2

path pre_shared_key "/etc/psk.txt";
remote 192.168.101.111 {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}
sainfo address 192.168.2.0/24 any address 192.168.3.0/24 any {
    pfs_group modp768;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

###############################################################
SPD policies in setkey.conf:

#!/usr/sbin/setkey -f
#
# Flush SAD and SPD
flush;
spdflush;
# Create policies for racoon on pc1
spdadd 192.168.3.0/24 192.168.2.0/24 any -P out ipsec
    esp/tunnel/192.168.101.111-192.168.101.113/require;
spdadd 192.168.2.0/24 192.168.3.0/24 any -P in ipsec
    esp/tunnel/192.168.101.113-192.168.101.111/require;

But when I ping from the subnet behind pc-2 to the subnet behind pc-1,
I get "destination host unreachable".

I have a rule on pc-2:
route add -net 192.168.3.0/24 via 192.168.101.113

Still no success. :(
Do I need to add some iptables rules?

Thanks
Tushar

tusharsharma43 12-01-2011 06:15 AM

Do I need port forwarding?
IPsec currently uses port 500 for ISAKMP packets.

Please Help.

tusharsharma43 12-05-2011 05:50 AM

I have solved this issue.
Internal NATting from LAN to WAN changes the source IP of the
packet, and IPsec is configured in sainfo such that a packet is
sent over the tunnel only if it comes with an IP from the local subnet.
I just changed the SNAT policies in iptables and it is working.

Thanking You,
Tushar
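The SNAT change Tushar's last reply describes, written out as an added example (not code from the thread): two nat-table rule sets for pc:2, where the 192.168.2.0/24 LAN is masqueraded towards the WAN. The Linux NAT code re-runs the IPsec policy lookup with the rewritten source address after POSTROUTING, so a masqueraded packet no longer matches the 192.168.2.0/24 -> 192.168.3.0/24 selector and leaves in the clear. The fix is to exempt tunnel traffic from SNAT before the MASQUERADE rule. Assumptions: the WAN interface name eth0 is a placeholder, and the kernel provides the xt_policy match (iptables -m policy).

```shell
#!/bin/sh
# Added example, not part of the original thread. Assumed WAN interface
# name (placeholder, override with WAN_IF=... in the environment).
WAN_IF="${WAN_IF:-eth0}"

# Rule set that reproduces the failure: every forwarded packet leaving
# the WAN interface is masqueraded, so 192.168.2.x -> 192.168.3.y leaves
# POSTROUTING with source 192.168.101.113. The SPD selector
# 192.168.2.0/24 -> 192.168.3.0/24 no longer matches, and the packet is
# sent unencrypted instead of through the ESP tunnel.
nat_rules_broken() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Corrected rule set: tunnel traffic hits an ACCEPT (no NAT) rule before
# the MASQUERADE rule is reached. Order matters: the nat chain is walked
# top to bottom and the first terminating match decides. The second
# exemption uses the xt_policy match (assumed available) and covers every
# packet that an outbound IPsec policy applies to, so it needs no update
# when more subnets are added to the SPD.
nat_rules_fixed() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -d 192.168.3.0/24 -j ACCEPT
-A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Returns 0 when the rule set emitted by the function named in $1 has at
# least one ACCEPT exemption and every exemption precedes MASQUERADE.
# Useful as a pre-load check so a reordered rule set is caught early.
exemptions_precede_masquerade() {
    "$1" | awk '
        /^-A POSTROUTING .*-j MASQUERADE/ { masq = 1 }
        /^-A POSTROUTING .*-j ACCEPT/     { if (masq) bad = 1; else ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# Load the corrected rules only when explicitly asked ("apply");
# otherwise just print them for review.
case "${1:-}" in
    apply) nat_rules_fixed | iptables-restore -n ;;
    *)     nat_rules_fixed ;;
esac
```

After loading, `iptables -t nat -L POSTROUTING -v -n` should show packet counts rising on the ACCEPT lines (not on MASQUERADE) while pinging across the tunnel, and `setkey -DP` confirms the SPD selectors the exemption has to match.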
