[Swan] Outbound traffic not going through IPSec tunnel

Yongsheng Xie yongs.xie at gmail.com
Sat Aug 5 03:47:01 UTC 2017


The problem has been fixed by replacing the IPSec kernel module of the
stock kernel. It seems that Online.net's stock kernel will cause a problem
when establishing IPSec kernel.

On Fri, Aug 4, 2017 at 6:46 PM Yongsheng Xie <yongs.xie at gmail.com> wrote:

> Hello,
>
> Recently I encountered a weird problem. I have a Fedora 26 server
> as virtualization host, running VMs on a Linux logical network (the
> left-hand side). I've also set up a CentOS 7.3 VM on Google Cloud Platform
> (the right-hand side) for establishing the IPSec tunnel.
>
> After the tunnel was established, I can ping the VM in 10.150.0.0/24 from any
> GCE instances on 10.120.0.0/16, and even ssh into the VM from GCE instances.
> What's really weird is that I cannot ping or establish a connection to any
> hosts on the GCE VPC from the hosts on network 10.150.0.0/24. I tried using
> tcpdump to capture packets flowing through the IPSec tunnel, but I can't see
> any packets routed from 10.150.0.0/24 to 10.120.0.0/16.
>
> Could you help me debug this problem?
>
> The following is the setup information for my servers:
>
> *The setup of left-hand side:*
> OS: Fedora 26
> Libreswan version: 3.18
> Configuration:
> conn cdg-tpe
>     left=X.X.X.X
>     leftsubnet=10.150.0.0/24
>     right=Y.Y.Y.Y # The external IP of the GCE instance
>     rightid=10.120.0.2
>     rightsubnet=10.120.0.0/16
>     auto=start
>     authby=secret
>
> *The setup of right-hand side:*
> OS: CentOS 7.3
> Libreswan version: 3.15
> Configuration:
> conn tpe-cdg
>     left=10.120.0.2
>     leftsubnet=10.120.0.0/16
>     right=X.X.X.X
>     rightsubnet=10.150.0.0/24
>     auto=start
>     authby=secret
>
>
> Thanks,
> Yongsheng Xie
>
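
An added example, not part of the original post or of Libreswan: one way to check whether the kernel actually holds IPsec policies in each direction for the subnets in the configuration above, by parsing `ip xfrm policy` output. The sample output is constructed, the endpoint addresses are documentation placeholders for X.X.X.X and Y.Y.Y.Y, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output on the left-hand host.
# 192.0.2.10 / 198.51.100.20 are documentation addresses standing in for
# the X.X.X.X and Y.Y.Y.Y endpoints, which the post does not give.
SAMPLE = (
    "src 10.150.0.0/24 dst 10.120.0.0/16\n"
    "\tdir out priority 2344 ptype main\n"
    "\ttmpl src 192.0.2.10 dst 198.51.100.20\n"
    "\t\tproto esp reqid 16389 mode tunnel\n"
    "src 10.120.0.0/16 dst 10.150.0.0/24\n"
    "\tdir fwd priority 2344 ptype main\n"
    "\ttmpl src 198.51.100.20 dst 192.0.2.10\n"
    "\t\tproto esp reqid 16389 mode tunnel\n"
    "src 10.120.0.0/16 dst 10.150.0.0/24\n"
    "\tdir in priority 2344 ptype main\n"
    "\ttmpl src 198.51.100.20 dst 192.0.2.10\n"
    "\t\tproto esp reqid 16389 mode tunnel\n"
)

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")     # unindented selector line
DIRECTION = re.compile(r"^\s+dir (in|out|fwd)\b")  # indented direction line


def parse_policies(text):
    """Return {(src_net, dst_net, direction)} found in `ip xfrm policy` text."""
    policies, selector = set(), None
    for line in text.splitlines():
        if m := SELECTOR.match(line):
            selector = tuple(ipaddress.ip_network(g) for g in m.groups())
        elif (m := DIRECTION.match(line)) and selector:
            policies.add((*selector, m.group(1)))
            selector = None
    return policies


def missing_directions(text, local_subnet, remote_subnet):
    """Directions a subnet-to-subnet tunnel needs that the kernel lacks."""
    local = ipaddress.ip_network(local_subnet)
    remote = ipaddress.ip_network(remote_subnet)
    wanted = {(local, remote, "out"), (remote, local, "in"), (remote, local, "fwd")}
    return sorted(d for _, _, d in wanted - parse_policies(text))


if __name__ == "__main__":
    # On a live host, pass the output of `ip xfrm policy` instead of SAMPLE.
    print(missing_directions(SAMPLE, "10.150.0.0/24", "10.120.0.0/16"))
```

An empty list means all three policies are installed; `out` in the result means packets from 10.150.0.0/24 to 10.120.0.0/16 have no kernel policy directing them into the tunnel.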