[Swan] Does libreswan v3.20 support multiple clients behind NAT to communicate with public server simultaneously?
Paul Wouters
paul at nohats.ca
Thu Nov 9 05:48:13 UTC 2017
On Tue, 7 Nov 2017, Hao Chen wrote:
> Thanks for your help in advance. Sorry for late response. (looks like libreswan email server does NOT like attachments.)
>
>
> After I applied the "source code change" which you gave me in https://lists.libreswan.org/pipermail/swan/2017/002368.html, and re-compile + re-install, still no luck. Same result as before.
> [root@xcvms196 configs]# ip x p
> src 10.0.146.196/32 dst 10.0.161.34/32
>         dir out priority 2080 ptype main
>         mark -1/0xffffffff

It seems the patch was not applied properly? It should not show -1 but a
random number above 65535.

This test case shows the patch I put in works:

https://github.com/libreswan/libreswan/blob/master/testing/pluto/netkey-vti-08/west.console.txt

If you run the test case and look at the verbose output, it shows:

[root@east ~]# ip xfrm pol
src 192.0.2.0/24 dst 192.0.1.0/24
        dir out priority 2344 ptype main
        mark 65536/0xffffffff
        tmpl src 192.1.2.23 dst 192.1.2.45
                proto esp reqid 16393 mode tunnel
src 192.0.1.0/24 dst 192.0.2.0/24
        dir fwd priority 2344 ptype main
        mark 65536/0xffffffff
        tmpl src 192.1.2.45 dst 192.1.2.23
                proto esp reqid 16393 mode tunnel
src 192.0.1.0/24 dst 192.0.2.0/24
        dir in priority 2344 ptype main
        mark 65536/0xffffffff
        tmpl src 192.1.2.45 dst 192.1.2.23
                proto esp reqid 16393 mode tunnel

You must not have applied the patch properly?

You can also try and grab the git master tree from github and install
that. It already has the patch applied.

Paul
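
A check for the symptom discussed in this thread, as an added example that is not part of either poster's message or of libreswan: it parses `ip xfrm policy` output and flags policies whose mark is -1 instead of a value above 65535. The function names and the pass criterion (taken from the reply's "above 65535") are assumptions of this example.

```python
import re
import sys

# Constructed sample: the reporter's failing policy and one policy from the
# test-case output, both as quoted in this thread.
SAMPLE = """\
src 10.0.146.196/32 dst 10.0.161.34/32
        dir out priority 2080 ptype main
        mark -1/0xffffffff
src 192.0.2.0/24 dst 192.0.1.0/24
        dir out priority 2344 ptype main
        mark 65536/0xffffffff
        tmpl src 192.1.2.23 dst 192.1.2.45
                proto esp reqid 16393 mode tunnel
"""

SELECTOR = re.compile(r"src (\S+) dst (\S+)")   # first line of each policy
FIELD = re.compile(r"(dir|mark) (\S+)")         # the two fields we care about


def mark_value(text):
    """Return the value part of 'value/mask' as an unsigned 32-bit integer."""
    value = text.partition("/")[0]
    return int(value, 0) & 0xFFFFFFFF           # accepts -1, decimal and 0x hex


def check_marks(dump):
    """Parse an `ip xfrm policy` dump; return one dict per policy with an 'ok' verdict."""
    policies = []
    for raw in dump.splitlines():
        line = raw.strip()                      # works with or without indentation
        sel = SELECTOR.match(line)
        if sel:
            policies.append({"src": sel.group(1), "dst": sel.group(2), "dir": None, "mark": None})
            continue
        field = FIELD.match(line)
        if field and policies:
            key, value = field.groups()
            policies[-1][key] = mark_value(value) if key == "mark" else value
    for p in policies:
        # Assumed criterion from the thread: above 65535 and not -1 (0xffffffff).
        p["ok"] = None if p["mark"] is None else 65535 < p["mark"] < 0xFFFFFFFF
    return policies


if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for p in check_marks(text):
        print(f"{p['src']} -> {p['dst']} dir={p['dir']} mark={p['mark']} ok={p['ok']}")
```

Pipe real output into it with `ip xfrm policy | python3 check_marks.py` (the file name is arbitrary); policies without a mark get `ok=None`.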