[Swan] roadwarrior connects but no data
Paul Wouters
paul at nohats.ca
Fri Oct 5 18:22:17 UTC 2018
On Fri, 5 Oct 2018, Johannes C. Schulz wrote:
> $ ip route
> default via 192.168.42.129 dev enp0s12u2 proto dhcp metric 100
> xx.yyy.zzz.vv dev vti0 scope link
I don't see a src entry here. If the source ip is not the default IP,
then you're in trouble because it would use the wrong source ip to
route into the VTI device, and then not match the IPsec policy.
You can see problems like this by checking the errors counters in
/proc/net/xfrm_stat
Paul
More information about the Swan
mailing list