[Swan] one way ping

John Crisp jcrisp at safeandsoundit.co.uk
Fri Jul 20 15:06:08 UTC 2018 

On 20/07/18 15:08, Paul Wouters wrote:
> Not too much to add but in the past I know that dummy interfaces could eat packets.
>

As a further follow up two things seemed to affect it.

One was the use of a 'dummy0' address. As the machine was on a VM I gave
it a 'Private' adaptor, which it then detected and added with a virt_io
device.

However, that still didn't seem to work. So I looked at the networking.

I had decided to use DHCP to configure the external device.

This gave the following

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
169.254.169.254 222.250.226.1   255.255.255.255 UGH   0      0        0 eth0
10.0.0.0        222.250.226.1   255.255.255.0   UG    0      0        0 eth0
192.168.81.0    *               255.255.255.0   U     0      0        0 eth1
192.168.10.0    222.250.226.1   255.255.255.0   UG    0      0        0 eth0
222.250.226.0   *               255.255.254.0   U     0      0        0 eth0
default         222.250.226.1   0.0.0.0         UG    0      0        0 eth0


inet addr:222.250.227.83  Bcast:222.250.227.255  Mask:255.255.254.0

(real IP obfuscated slightly)


I have a feeling the 'Destination' may have caused the issue, though I
am not 100% on this.

I changed the IP to static and now have this, and it works....


Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
222.250.226.1   *               255.255.255.255 UH    0      0        0 eth0
10.0.0.0        222.250.226.1   255.255.255.0   UG    0      0        0 eth0
192.168.81.0    *               255.255.255.0   U     0      0        0 eth1
192.168.10.0    222.250.226.1   255.255.255.0   UG    0      0        0 eth0
222.250.226.0   *               255.255.254.0   U     0      0        0 eth0
default         222.250.226.1   0.0.0.0         UG    0      0        0 eth0


So a combination of driver/port and IP addressing seem to be at the
heart of it.

I am wondering if there is a setting in ipsec that may have got round
this (the addresing, not the dummy0 issue)?

nexthop perhaps?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180720/e28fe08d/attachment.sig>

More information about the Swan mailing list