[Swan] LibreSwan not accepting port 9001 but accepts 5000?

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Wed Jul 12 19:40:33 UTC 2017


On Wed, Jul 12, 2017 at 03:57:37PM +0000, Madden, Joe wrote:
> Hi List,
> 
> 
> I have an issue with a Libreswan instance where it appears to be port selective over what traffic goes across the VPN.
> 
> 
>     authby=             secret
>     auto=               start
>     type=               tunnel
>     nat_traversal=      yes
>     forceencaps=        no
>     rekeymargin=        3m
>     keyingtries=        %forever
>     keylife=            1h
>     ikelifetime=        24h
>     ikev2=              insist
> 
>     left=               1.1.1.1
>     leftsubnet=         192.168.70.1/32

If this is the internal IP of the ipsec endpoint, then you probably have
to explicitly set the route source IP for the tunnel so that it doesn't
just use the default route and hence default IP when sending packets.
I suspect the working devices on the right side are all behind the ipsec
endpoint, and not on it.

Try adding 'leftsourceip=192.168.70.1'

>     leftid=             1.1.1.1
> 
>     right=              2.2.2.2
>     rightid=            2.2.2.2
>     rightsubnet=        10.190.22.0/24
>     #Phase 1
>     ike=                aes256-sha2_256;modp2048
>     #Phase 2
>     phase2=             esp
>     phase2alg=          aes256-sha2_256;modp2048
>     #Other Encryption Settings
>     pfs=                yes
>     sha2_truncbug=      no
>     #Dead Peer Detection
>     dpdaction=  restart
> 
> 
> Ports 5000, 5001, 5002 will go across the VPN fine (source from right side).
> 
> But port 9001 (Source from Left Side) is not captured into the VPN and as a result attempts to go out to the internet and fails.
> 
> 
> Communication on port 5001/5002/5000 is successful.
> 
> Does anyone have any ideas of what could be causing this issue?

-- 
Len Sorensen
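The reply above points at a source-address mismatch: packets that originate on the left gateway itself are sent with the address of the default route (here 1.1.1.1) rather than an address inside leftsubnet (192.168.70.1/32), so they never match the IPsec policy and leave unencrypted. The script below is an added diagnostic written for this thread, not code from Libreswan or from either poster; it reproduces the kernel's source selection with `ip route get` (assumed to be iproute2 on Linux), checks the chosen source against leftsubnet with a small CIDR test, and says whether `leftsourceip` is needed. The addresses are the ones from the quoted configuration.

```shell
#!/bin/sh
# Added example for the Libreswan thread: does traffic that originates on
# the IPsec gateway itself carry a source address inside leftsubnet?
# If not, the packet never matches the tunnel policy and goes out in clear.

# Dotted quad -> 32-bit integer (POSIX sh arithmetic, no bc/python needed).
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_subnet ADDR CIDR  -> exit 0 if ADDR lies inside CIDR, 1 otherwise.
in_subnet() {
  ip=$(ip2int "$1")
  net=$(ip2int "${2%/*}")
  bits=${2#*/}
  [ "$bits" -eq 0 ] && return 0
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# check_source_ip LEFTSUBNET REMOTE_ADDR
# Asks the kernel which source address it would use to reach REMOTE_ADDR
# (an address in rightsubnet) and compares it with LEFTSUBNET.
# Returns 0 on match, 1 on mismatch, 2 if the route could not be read.
check_source_ip() {
  leftsubnet=$1
  remote=$2
  src=$(ip -4 route get "$remote" 2>/dev/null \
        | sed -n 's/.* src \([0-9.]*\).*/\1/p' | head -n 1)
  if [ -z "$src" ]; then
    echo "could not determine route source for $remote (is iproute2 installed?)"
    return 2
  fi
  if in_subnet "$src" "$leftsubnet"; then
    echo "OK: locally originated traffic to $remote uses $src, inside $leftsubnet"
    return 0
  fi
  echo "MISMATCH: kernel picks $src for $remote, outside $leftsubnet;" \
       "add leftsourceip=${leftsubnet%/*} to the conn"
  return 1
}

# Usage on the left gateway from the thread (values taken from the quoted
# config): sh check_src.sh 192.168.70.1/32 10.190.22.10
if [ "$#" -ge 2 ]; then
  check_source_ip "$1" "$2"
fi
```

Run it on the gateway that originates the port 9001 traffic; if it reports a mismatch, the fix is the `leftsourceip=` line suggested in the reply, after which `ip -4 route get` should show the 192.168.70.1 source and the packets will match the policy. Traffic from hosts behind the gateway is unaffected either way, which is why the right-side sourced ports work.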