[Swan] LibreSwan not accepting port 9001 but accepts 5000?

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Thu Jul 13 13:33:35 UTC 2017


On Thu, Jul 13, 2017 at 07:42:47AM +0000, Madden, Joe wrote:
> Hi Lennart,
> 
> The source IP of the IPsec would be 1.1.1.1 (It's obviously not really this, I just wanted to hide my Ext IP). The source traffic to go over the IPsec VPN would be 192.168.70.1:xxxxx to 10.190.22.0/24:9001
> 
> That doesn't work - But traffic from 10.190.22.0/24:xxxxx to 192.168.70.1:5000 does work.
> 
> It's pretty odd - I'll try leftsourceip=1.1.1.1 but I'm not sure it's going to fix the issue.

No, the left ip is the EXTERNAL ip on the left side.  You need traffic to
come from the INTERNAL ip on the left side or the tunnel won't forward it.
leftsourceip is for the internal address to send from, not the external
address.

The tunnel creates a route on the left side that says 10.190.22.0 is
via the right side, but by default it doesn't say what IP to use as a
source when sending.  The leftsourceip tells it that any traffic sent
to that destination network should pick the specified source ip when
sending, which has to be an address in the leftsubnet.

So I meant what I wrote.

> I don't have a router for 10.190.22.0/24 - It expects just to use default route - I'll add one too to see if that makes a difference.

It might.  Specifying the source ip ought to make it create an explicit
route then.

Although I don't recall libreswan ever NOT creating a route for the
remote network when I used it.

-- 
Len Sorensen
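As an added illustration (not from the thread, not libreswan's own docs), an ipsec.conf conn that applies the advice above: left is the external address, leftsourceip is an internal address inside leftsubnet. The conn name, the /24 mask on leftsubnet and the right-side public address 203.0.113.10 are assumptions.

```ini
# Added example ipsec.conf fragment, not from the original thread.
# Assumed values: conn name "office", leftsubnet mask /24,
# right=203.0.113.10 (documentation placeholder address).
conn office
    # left = EXTERNAL (public) address of the local gateway. It is the
    # IKE/ESP endpoint, not a valid source for traffic entering the tunnel.
    left=1.1.1.1
    leftsubnet=192.168.70.0/24
    # leftsourceip must be an INTERNAL address inside leftsubnet. Traffic
    # the gateway itself originates towards rightsubnet then carries this
    # source, matches the IPsec policy and gets encrypted.
    leftsourceip=192.168.70.1
    # Mistake from the thread: leftsourceip=1.1.1.1 is outside leftsubnet,
    # so gateway-originated traffic to 10.190.22.0/24 never matches the policy.
    right=203.0.113.10
    rightsubnet=10.190.22.0/24
    auto=start
```

Once the tunnel is up, `ip route get 10.190.22.1` on the left gateway should report `src 192.168.70.1`, and `ip xfrm policy` should list a policy for 192.168.70.0/24 to 10.190.22.0/24.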
