[Swan] cannot get traffic to lan when using xauth and pool address is on lan segment

Antonio Silva asilva at wirelessmundi.com
Tue Apr 18 14:05:26 UTC 2017


Hi Tuomo,

Thanks for the tip, both options, separately, solve my problem!!! I ended
up using leftsourceip; I use the leftupdown script to monitor the connection
established.

We could add this extra info to the wiki :)

https://libreswan.org/wiki/FAQ#Can_I_hand_out_LAN_IP_addresses_in_the_addresspool.3F


Saludos / Regards / Cumprimentos,
António Silva

On 04/18/2017 10:02 AM, Tuomo Soini wrote:
> On Mon, 17 Apr 2017 19:04:54 +0200
> Antonio Silva <asilva at wirelessmundi.com> wrote:
>
>> ok, so there is something I'm doing badly...
>>
>> after pinging the IP assigned to the client I print the ARP entries and
>> for the IP address in question there is no ARP entry, and it is supposed
>> to be with the MAC address of the server...
>>
>> # ping 192.168.10.206
>> PING 192.168.10.206 (192.168.10.206) 56(84) bytes of data.
>> 64 bytes from 192.168.10.206: icmp_seq=1 ttl=64 time=509 ms
>> 64 bytes from 192.168.10.206: icmp_seq=2 ttl=64 time=72.0 ms
>>
>>
>> # arp | grep 192.168.10.206
> Proxy ARP doesn't work for pure IPsec. You need to add forced routing
> to clients because proxyarp only works if there is a host route to the client.
>
>      leftupdown="ipsec _updown.netkey --route yes"
>
> Or use leftsourceip=<gateway-lan-ip>.
>
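
The two fixes from the reply above, placed in a server-side conn section, as an added example that is not part of the original thread or the Libreswan project's own configuration. The connection name, the gateway LAN address 192.168.10.1, the /24 subnet and the pool range are constructed values; only 192.168.10.206 and the two option lines come from the thread.

```conf
# /etc/ipsec.conf fragment (constructed example)
# XAUTH remote-access server whose address pool sits inside the LAN segment.
conn xauth-lan-pool                  # hypothetical connection name
    authby=secret
    ikev2=never                      # XAUTH is an IKEv1 extension
    auto=add
    rekey=no
    left=%defaultroute
    leftsubnet=192.168.10.0/24       # assumed LAN behind the gateway
    right=%any
    # Pool taken from the LAN range; 192.168.10.206 from the thread falls in it.
    rightaddresspool=192.168.10.200-192.168.10.220
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=file

    # Fix, option A (from the reply): force the updown script to install a
    # route to each client, because proxy ARP only answers when a host route
    # to the client exists.
    leftupdown="ipsec _updown.netkey --route yes"

    # Fix, option B (from the reply): set the gateway's own LAN address as
    # source IP instead. 192.168.10.1 is an assumed value. Per the thread,
    # either option on its own is enough; enable one and comment out the other.
    #leftsourceip=192.168.10.1
```

After reloading the connection and having a client connect, `ip route` and `arp` on the gateway are the places to confirm that a host route and a neighbour entry for the client address now exist.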


