Problem with IPSEC
Hello to all,
I have a problem with a VPN between 2 Ubuntu servers.
The connection was working until the first reboot, but now, after the reboot, the connection is not working.
This is what ipsec statusall looks like:
Listening IP addresses:
45.76.138.123
108.61.173.230
2001:19f0:7402:78d:5400:ff:fe86:7452
10.99.0.10
Connections:
ikev2-vpn: 45.76.138.123...41.186.47.321 IKEv2, dpddelay=30s
ikev2-vpn: local: [C=RW, ST=Kigali, L=Kigali, O=Raisin ltd, OU=FinTech, CN=akokanya.com, E=gurinzira@gmail.com] uses pre-shared key authentication
ikev2-vpn: cert: "C=RW, ST=Kigali, L=Kigali, O=Raisin ltd, OU=FinTech, CN=akokanya.com, E=gurinzira@gmail.com"
ikev2-vpn: remote: [41.186.47.321] uses pre-shared key authentication
ikev2-vpn: child: 10.99.0.200/32 === 10.33.1.14/32 10.33.0.14/32 TUNNEL, dpdaction=restart
Fab_vpn: %any...35.160.24.84 IKEv1, dpddelay=30s
Fab_vpn: local: [45.76.138.123] uses pre-shared key authentication
Fab_vpn: remote: [35.160.24.84] uses pre-shared key authentication
Fab_vpn: child: 10.99.0.200/32 === 172.31.25.255/32 TUNNEL, dpdaction=restart
mtn_vpn: %any...41.186.47.321 IKEv1, dpddelay=30s
mtn_vpn: local: [45.76.138.123] uses pre-shared key authentication
mtn_vpn: remote: [41.186.47.321] uses pre-shared key authentication
mtn_vpn: child: 10.99.0.200/32 === 10.33.1.14/32 10.33.0.14/32 TUNNEL, dpdaction=restart
pass_vpn: %any...35.160.24.84 IKEv2, dpddelay=30s
pass_vpn: local: [45.76.138.123] uses pre-shared key authentication
pass_vpn: remote: [35.160.24.84] uses pre-shared key authentication
pass_vpn: child: 10.99.0.10/32 === 172.31.25.205/32 TUNNEL, dpdaction=restart
rg_vpn: 45.76.138.123/32...128.199.89.135 IKEv2, dpddelay=300s
rg_vpn: local: [45.76.138.123/32] uses pre-shared key authentication
rg_vpn: remote: [128.199.89.135/32] uses pre-shared key authentication
rg_vpn: child: 10.99.0.10/32 === 10.130.147.227/32 TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
mtn_vpn[2]: ESTABLISHED 4 hours ago, 45.76.138.123[45.76.138.123]...41.186.47.321[41.186.47.321]
mtn_vpn[2]: IKEv1 SPIs: ccc123e_i* 13321172_r, pre-shared key reauthentication in 2 hours
mtn_vpn[2]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
mtn_vpn{13}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: c4d30bb5_i fab97a7b_o
mtn_vpn{13}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 21 minutes
mtn_vpn{13}: 10.99.0.200/32 === 10.33.1.14/32
mtn_vpn{14}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6eed421_i c1890720_o
mtn_vpn{14}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 26 minutes
mtn_vpn{14}: 10.99.0.200/32 === 10.33.0.14/32
ifconfig:
ens3      Link encap:Ethernet  HWaddr 56:00:00:86:74:52
          inet addr:45.76.138.123  Bcast:45.76.139.255  Mask:255.255.254.0
          inet6 addr: 2001:19f0:7402:78d:5400:ff:fe86:7452/64 Scope:Global
          inet6 addr: fe80::5400:ff:fe86:7452/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:23170 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24746 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2768756 (2.7 MB)  TX bytes:16041446 (16.0 MB)

ens3:1    Link encap:Ethernet  HWaddr 56:00:00:86:74:52
          inet addr:108.61.173.123  Bcast:108.61.173.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ens7      Link encap:Ethernet  HWaddr 5a:00:00:86:74:52
          inet addr:10.99.0.10  Bcast:10.99.0.255  Mask:255.255.255.0
          inet6 addr: fe80::5800:ff:fe86:7452/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:578 (578.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:49 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:5485 (5.4 KB)  TX bytes:5485 (5.4 KB)
route:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 45.76.138.1 0.0.0.0 UG 0 0 0 ens3
10.99.0.0 * 255.255.255.0 U 0 0 0 ens7
45.76.138.0 * 255.255.254.0 U 0 0 0 ens3
108.61.172.0 * 255.255.254.0 U 0 0 0 ens3
link-local * 255.255.0.0 U 0 0 0 ens
ipsec.conf
config setup
    # plutodebug=all
    # plutostderrlog=/var/log/openswan.log
    charondebug="all"
    # uniqueids=no

conn ikev2-vpn
    auto=add
    type=tunnel
    keyexchange=ikev2
    ike=aes256-sha1-modp1024
    esp=aes256-md5
    keylife=3600s
    ikelifetime=28800s
    dpdaction=restart
    # dpddelay=30
    # dpdtimeout=120
    rekey=yes
    leftauth=psk
    left=45.76.138.123
    leftid=45.76.138.123/32
    leftcert=/etc/ipsec.d/certs/ipsechost-cert.pem
    leftsubnet=10.99.0.200/32
    right=41.186.47.321
    rightid=41.186.47.321
    rightauth=psk
    rightsourceip=10.33.1.14/32
    rightsubnet=10.33.1.14/32,10.33.0.14/32
    keyingtries=1

#conn ikev2-vpn
#    left=45.76.138.123
#
#    leftauth=psk
#    leftsubnet=10.99.0.10/32
#    right=41.186.47.321
#    rightsubnet=10.33.1.14/3210.33.1.14/32
#    ike=aes256-sha1-modp1024!
#    reauth=no
#    mobike=no
#    rightauth=psk
#    esp=aes256-md5
#    keyingtries=1
#    ikelifetime=28800s
#    keylife=3600s
#    lifetime=8h
#    dpddelay=30
#    dpdtimeout=120
#    dpdaction=restart
#    auto=start
#    type=tunnel

conn Fab_vpn
    keyexchange=ikev1
    authby=secret
    ikelifetime=28800
    leftid=45.76.138.123
    leftsubnet=10.99.0.200/32
    left=%defaultroute
    right=35.160.24.84
    rightsubnet=172.31.25.255/32
    auto=start
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    keylife=1h
    dpdaction=restart

conn mtn_vpn
    keyexchange=ikev1
    authby=secret
    ikelifetime=28800
    leftid=45.76.138.123
    leftsubnet=10.99.0.200/32
    left=%defaultroute
    right=41.186.47.321
    rightsubnet=10.33.1.14/32,10.33.0.14/32
    auto=start
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    keylife=1h
    dpdaction=restart

conn pass_vpn
    keyexchange=ikev2
    authby=secret
    ikelifetime=28800
    leftid=45.76.138.123
    leftsubnet=10.99.0.10/32
    left=%defaultroute
    right=35.160.24.84
    rightsubnet=172.31.25.205/32
    auto=start
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    keylife=1h
    dpdaction=restart

conn rg_vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256-sha1
    esp=aes256-MD5
    keylife=3600s
    ikelifetime=28800s
    dpdaction=clear
    dpddelay=300s
    rekey=no
    leftauth=psk
    left=45.76.138.123/32
    leftid=45.76.138.123/32
    leftsubnet=10.99.0.10/32
    right=128.199.89.135
    rightid=128.199.89.135/32
    rightauth=psk
    rightsourceip=10.130.147.227/32
    rightsendcert=never
    rightsubnet=10.130.147.227/32
So now the problem is that I'm unable to ping 10.33.1.14 or 10.33.0.14. Please, can anyone who understands this advise?
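As an added example (not part of the post above), a small checker that cross-references the installed CHILD_SA traffic selectors from `ipsec statusall` with the addresses actually configured on the host's interfaces: an established tunnel whose local selector (here 10.99.0.200/32) matches no local address will show 0 bytes in both directions, because a plain `ping` from the host is sourced from a different address and never matches the IPsec policy. The sample input is constructed from the status and ifconfig output in the post; the function names are my own.

```python
import re
import ipaddress

# Constructed sample input: the CHILD_SA and interface lines from the post.
STATUSALL = """\
mtn_vpn{13}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: c4d30bb5_i fab97a7b_o
mtn_vpn{13}: 10.99.0.200/32 === 10.33.1.14/32
mtn_vpn{14}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6eed421_i c1890720_o
mtn_vpn{14}: 10.99.0.200/32 === 10.33.0.14/32
"""
IFCONFIG = """\
ens3 Link encap:Ethernet HWaddr 56:00:00:86:74:52
inet addr:45.76.138.123 Bcast:45.76.139.255 Mask:255.255.254.0
ens3:1 Link encap:Ethernet HWaddr 56:00:00:86:74:52
inet addr:108.61.173.123 Bcast:108.61.173.255 Mask:255.255.254.0
ens7 Link encap:Ethernet HWaddr 5a:00:00:86:74:52
inet addr:10.99.0.10 Bcast:10.99.0.255 Mask:255.255.255.0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
"""

# "<conn>{<id>}: <local-ts> === <remote-ts> [<remote-ts> ...]"
CHILD_RE = re.compile(r"^(\S+)\{\d+\}:\s+(\S+)\s+===\s+(.+)$")
INET_RE = re.compile(r"inet addr:(\d+\.\d+\.\d+\.\d+)")

def local_addresses(ifconfig_text):
    """IPv4 addresses configured on this host, from ifconfig output."""
    return {ipaddress.ip_address(m.group(1)) for m in INET_RE.finditer(ifconfig_text)}

def installed_child_sas(statusall_text):
    """(conn, local_ts, [remote_ts, ...]) for every installed CHILD_SA."""
    sas = []
    for line in statusall_text.splitlines():
        m = CHILD_RE.match(line)
        if m:
            local = ipaddress.ip_network(m.group(2), strict=False)
            remotes = [ipaddress.ip_network(r, strict=False) for r in m.group(3).split()]
            sas.append((m.group(1), local, remotes))
    return sas

def unreachable_selectors(statusall_text, ifconfig_text):
    """CHILD_SAs whose local selector contains no address of this host.
    Host-originated traffic only enters such a tunnel if it is sent from an
    address inside the selector (e.g. ping -I <addr>) or forwarded from one."""
    addrs = local_addresses(ifconfig_text)
    return [(conn, str(local), [str(r) for r in remotes])
            for conn, local, remotes in installed_child_sas(statusall_text)
            if not any(a in local for a in addrs)]

if __name__ == "__main__":
    for conn, local, remotes in unreachable_selectors(STATUSALL, IFCONFIG):
        print(f"{conn}: local selector {local} is not on any interface "
              f"(remote {' '.join(remotes)})")
```

On a live host the same two functions can be fed the real `ipsec statusall` and `ifconfig` output.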