[Swan] cannot get traffic to lan when using xauth and pool address is on lan segment
Tuomo Soini
tis at foobar.fi
Tue Apr 18 08:02:28 UTC 2017
On Mon, 17 Apr 2017 19:04:54 +0200
Antonio Silva <asilva at wirelessmundi.com> wrote:
> OK, so there is something I'm doing badly...
>
> After pinging the IP assigned to the client I print the ARP entries, and
> for the IP address in question there is no ARP entry, and it is supposed
> to be there with the MAC address of the server...
>
> # ping 192.168.10.206
> PING 192.168.10.206 (192.168.10.206) 56(84) bytes of data.
> 64 bytes from 192.168.10.206: icmp_seq=1 ttl=64 time=509 ms
> 64 bytes from 192.168.10.206: icmp_seq=2 ttl=64 time=72.0 ms
>
>
> # arp | grep 192.168.10.206

Proxy ARP doesn't work for pure IPsec. You need to add forced routing
to clients because proxy ARP only works if there is a host route to the client.

    leftupdown="ipsec _updown.netkey --route yes"

Or use leftsourceip=<gateway-lan-ip>.

--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>