[Swan] Somehow the ip addresses are changing in the vpn tunnel

Paul Wouters paul at nohats.ca
Tue May 8 15:59:19 UTC 2018


On Mon, 7 May 2018, Brian Foddy wrote:

> Tunnels come up, ipsec status left shows;
> 000 Total IPsec connections: loaded 2, active 2

> But nothing is actually working, no pings, no ssh anything between the 2 
> sites.
> I've done some tcpdumps (tcpdump -nni enp1s0f1 icmp)

Check forwarding and NAT rules? Run "ipsec verify" to see if there are
other issues, like rp_filter.

> But at the same time the left tcpdump is showing:
> tcpdump -nni ppp0 icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 262144 
> bytes
> 22:10:05.698183 IP 8.0.1.10 > 10.20.0.66: ICMP echo request, id 11456, seq 
> 902, length 64
> 22:10:06.348152 IP 8.0.1.10 > 10.20.0.66: ICMP echo reply, id 7793, seq 107, 
> length 64
>
> Notice the IP addresses have changed from 10.20.1.10 to 8.0.1.10 when packets 
> are arriving back.

I would look at the nat and mangle tables and see if anything is being done
there.

> The firewalls are both running shorewall and I believe the configurations are 
> correct, but can include those files if needed.

Tuomo might be able to say more on that.

Paul
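
As an added example (not part of the original email or of Libreswan or Shorewall), one way to do the nat/mangle review suggested above is to filter `iptables-save` output for rules whose target rewrites addresses. The ruleset below is constructed sample data (only `ppp0` and the 10.20.x addresses echo the thread), and treating a missing `-m policy` match as "not IPsec-aware" is a heuristic assumption.

```shell
#!/bin/sh
# Reads iptables-save text on stdin and prints every nat/mangle rule whose
# target rewrites addresses, plus whether the rule carries a "-m policy" match.
find_rewrites() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: *nat, *mangle
        /^-A / && (table == "nat" || table == "mangle") {
            target = ""; pol = "no"
            for (i = 1; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-m" && $(i + 1) == "policy") pol = "yes"
            }
            # Targets that change source or destination addresses.
            if (target ~ /^(SNAT|DNAT|MASQUERADE|NETMAP|REDIRECT)$/)
                print table, target, "policy=" pol ":", $0
        }
    '
}

# Constructed sample ruleset (assumption, not taken from the thread).
sample_rules() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -j MARK --set-xmark 0x1/0xff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.20.1.0/24 -o ppp0 -j MASQUERADE
-A POSTROUTING -o ppp0 -m policy --dir out --pol none -j MASQUERADE
-A POSTROUTING -s 10.20.1.0/24 -d 10.20.0.0/24 -j ACCEPT
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -j ACCEPT
COMMIT
EOF
}

sample_rules | find_rewrites
```

On a live gateway the same function can be fed from `iptables-save` run as root; rules reported with `policy=no` are the first ones to check against the tunnel's subnets.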

