[Swan] Outbound traffic not going through IPSec tunnel
Yongsheng Xie
yongs.xie at gmail.com
Fri Aug 4 10:46:39 UTC 2017
Hello,
Recently I encountered a weird problem. I have a Fedora 26 server
as virtualization host, running VMs on a Linux logical network (the
left-hand side). I've also set up a CentOS 7.3 VM on Google Cloud Platform
(the right-hand side) for establishing the IPSec tunnel.
After the tunnel is established, I can ping the VM in 10.150.0.0/24 from any
GCE instance on 10.120.0.0/16, and even ssh into the VM from GCE instances. What's
really weird is that I cannot ping or establish a connection to any hosts on
the GCE VPC from the hosts on network 10.150.0.0/24. I tried using tcpdump to
capture packets flowing through the IPSec tunnel, but I can't see any packets
routed from 10.150.0.0/24 to 10.120.0.0/16.
Could you help me debug this problem?
The following is the setup information of my servers:
*The setup of left-hand side:*
OS: Fedora 26
Libreswan version: 3.18
Configuration:
conn cdg-tpe
    left=X.X.X.X
    leftsubnet=10.150.0.0/24
    right=Y.Y.Y.Y # The external IP of the GCE instance
    rightid=10.120.0.2
    rightsubnet=10.120.0.0/16
    auto=start
    authby=secret
*The setup of right-hand side:*
OS: CentOS 7.3
Libreswan version: 3.15
Configuration:
conn tpe-cdg
    left=10.120.0.2
    leftsubnet=10.120.0.0/16
    right=X.X.X.X
    rightsubnet=10.150.0.0/24
    auto=start
    authby=secret
Thanks,
Yongsheng Xie