[Swan] ip address assignment
Paul Wouters
paul at nohats.ca
Wed May 9 17:48:20 UTC 2018
On Wed, 9 May 2018, Thomas Stein wrote:
> Now I have the routes in question. But still no internet connectivity.
> 000
> 000 #2: "my-vpn":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE_IF_USED in 27905s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
> 000 #2: "my-vpn" esp.4535607f@xxx.xxx.xxx.5 esp.5fe2f13b@192.168.178.21 tun.0@xxx.xxx.xxx.5 tun.0@192.168.178.21 ref=0 refhim=0 Traffic: ESPin=0B ESPout=2KB! ESPmax=4194303B username=myself
This is odd. Your IKE SA established, set up the IPsec SA successfully,
and then vanished?
> rather /etc/ipsec.d # ip r
> 0.0.0.0/1 dev wlan0 scope link src xxx.xxx.xxx.193
> default via 192.168.178.1 dev wlan0 proto dhcp src 192.168.178.21 metric 2007
> 128.0.0.0/1 dev wlan0 scope link src xxx.xxx.xxx.193
> 192.168.178.0/24 dev wlan0 proto dhcp scope link src 192.168.178.21 metric 200
That looks good.
> Am I supposed to have some iptables rules? I have none so far:
Nope.
What does "ipsec whack --trafficstatus" show for the traffic counters?
It would be useful to see the pluto logs too and see why your IKE SA
died.
Paul