[Swan] ipsec SA's up, no traffic routed?

Paul Wouters paul at nohats.ca
Tue May 10 15:45:12 UTC 2016

On Tue, 10 May 2016, Frank wrote:

> I’m trying to set up an ipsec connection from a recent centos7 box to a pfSense with strongSwan (charon), as a test before connecting to a remote ciscoASA.
> SA's seem up.
> I can't get traffic to the other side (host on or .12):

> ping
> PING ( 56(84) bytes of data.
> From xxx.xxx.39.68 icmp_seq=1 Destination Host Unreachable

Oddly this used your public ip as source, instead of the one you
specified with leftsourceip=

Does ping -I  work?

> ip route:
> default via xxx.xxx.39.78 dev eth4
> dev eth1  proto kernel  scope link  src
> dev eth2  proto kernel  scope link  src
> dev eth3  proto kernel  scope link  src
> dev eth4  scope link  src

It's there, so why is ping using the wrong source ip?

