[Swan] Basic netkey routing issue

Erik Andersson erik at ingate.com
Wed Mar 14 09:50:13 UTC 2018


Hi all,

I've set up a simple scenario (following the example described in 
https://libreswan.org/wiki/Subnet_to_subnet_VPN_with_PSK).

The tunnels are established successfully.

But when I issue this command on the "west" gateway:

$ ping -n -c 4 -I 192.0.1.254 192.0.2.254

I get the following errors:

ping: sendto: Network is unreachable

If I try to ping between the nodes behind the gateways (e.g. from 
192.0.1.10 to 192.0.2.10) I get:

$ ping 192.0.2.10
PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.
From 192.0.1.254 icmp_seq=1 Destination Net Unreachable
From 192.0.1.254 icmp_seq=2 Destination Net Unreachable

Please note that I have *not* configured any default gateway on the 
gateways (since the gateways are connected to the same subnet). If I add 
default gateway the icmp traffic flows as expected.

It works without a default gateway if I tell the _updown.netkey script 
to handle routes (--route yes). Then the necessary routes are installed 
(at least for ipv4, ipv6 doesn't seem to be supported/enabled?).

Not sure what I'm missing here. Probably basic routing skills :)

To summarize, in order to successfully deploy this scenario you need a 
default gateway installed (even if the gateways are on the same subnet) 
and/or tell the _updown script to handle routes?

Happy for any help.

Regards,

Erik
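
As an added example (not part of Erik's post or of libreswan's own scripts), the POSIX shell script below models the kernel's longest-prefix route lookup over constructed route tables for the west gateway. It shows why established XFRM/netkey tunnels alone do not make 192.0.2.0/24 reachable: the ordinary route lookup runs before the XFRM policy lookup, so with no covering route and no default the kernel reports ENETUNREACH ("Network is unreachable"). The transit addresses 192.1.2.45 and 192.1.2.23, the interface names and the exact form of the _updown-installed route are assumptions.

```shell
#!/bin/sh
# Added example (not from the post or from libreswan): a model of the kernel's
# longest-prefix route lookup, which runs *before* the XFRM policy lookup, so
# with no covering route and no default sendto() fails with ENETUNREACH.
set -eu

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# route_for TABLE DEST: print the most specific route line covering DEST,
# or return 1 when nothing (not even "default") covers it.
route_for() {
  rt_best=""; rt_bestlen=-1; rt_dst=$(ip2int "$2")
  while read -r rt_line; do
    [ -n "$rt_line" ] || continue
    rt_prefix=${rt_line%% *}
    if [ "$rt_prefix" = default ]; then rt_net=0.0.0.0; rt_len=0
    else
      rt_net=${rt_prefix%/*}; rt_len=${rt_prefix#*/}
      [ "$rt_len" != "$rt_prefix" ] || rt_len=32   # bare host route
    fi
    rt_mask=$(( rt_len == 0 ? 0 : (0xFFFFFFFF << (32 - rt_len)) & 0xFFFFFFFF ))
    if [ $(( rt_dst & rt_mask )) -eq $(( $(ip2int "$rt_net") & rt_mask )) ] \
       && [ "$rt_len" -gt "$rt_bestlen" ]; then
      rt_best=$rt_line; rt_bestlen=$rt_len
    fi
  done <<EOF
$1
EOF
  [ -n "$rt_best" ] || return 1
  printf '%s\n' "$rt_best"
}

# Constructed "ip route" tables for the west gateway (inner 192.0.1.0/24,
# transit 192.1.2.0/24 shared with east; addresses are assumed test values).
WEST_NO_DEFAULT='192.0.1.0/24 dev eth1 proto kernel scope link src 192.0.1.254
192.1.2.0/24 dev eth0 proto kernel scope link src 192.1.2.45'
WEST_DEFAULT="$WEST_NO_DEFAULT
default via 192.1.2.23 dev eth0"
WEST_UPDOWN="$WEST_NO_DEFAULT
192.0.2.0/24 via 192.1.2.23 dev eth0 src 192.0.1.254"   # kind of route --route yes installs

show() { if r=$(route_for "$2" 192.0.2.254); then echo "$1: [$r]"; else echo "$1: Network is unreachable"; fi; }
show no-default "$WEST_NO_DEFAULT"; show default-gw "$WEST_DEFAULT"; show updown-route "$WEST_UPDOWN"
```

Running it prints "Network is unreachable" for the table without a default and a matching route line for the other two, mirroring the three cases in the post.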

