[Swan] rightsubnets and leftsubnets - only a single network works

Paul Wouters paul at nohats.ca
Fri May 3 14:40:55 UTC 2019


On Fri, 3 May 2019, Viktor Keremedchiev wrote:

> Subject: [Swan] rightsubnets and leftsubnets - only a single network works

> I have a tunnel between libreswan and Palo Alto. I have defined 2 leftsubnets but only one is created. I don’t have access to the Palo Alto device.

>  leftsubnets={ 10.64.30.5/32 }
>  rightsubnets={ 10.128.0.0/9 10.65.0.0/16 }

> Tunnel is established

one of the two

> ip xfrm policy
> src 10.64.30.5/32 dst 10.128.0.0/9
> 	dir out priority 1040374 ptype main
> 	tmpl src 162…... dst 4.79.1.105
> 		proto esp reqid 16389 mode tunnel
> src 10.128.0.0/9 dst 10.64.30.5/32
> 	dir fwd priority 1040374 ptype main
> 	tmpl src 4…….. dst 162………...
> 		proto esp reqid 16389 mode tunnel
> src 10.128.0.0/9 dst 10.64.30.5/32
> 	dir in priority 1040374 ptype main
> 	tmpl src 4……... dst 162………...
> 		proto esp reqid 16389 mode tunnel

> What might be causing that 10.128.0.0/9  is established but not 10.65.0.0/16?

Most likely the other end did not like your request for the second
tunnel. Check the libreswan logs and, if you can, the remote device
logs.

Paul
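
A check for the symptom in this thread, as an added example that is not part of the original messages or of libreswan: `leftsubnets`/`rightsubnets` expand into one connection per left/right pair, so the script reports which expected pairs have no kernel policy in `ip xfrm policy` output. The `tmpl` endpoints are placeholder documentation addresses, the function names are made up for this example, and expecting `out`, `in` and `fwd` per pair is an assumption taken from the output quoted above.

```python
import ipaddress
import re
from itertools import product

# Subnets from the thread; tmpl endpoints are constructed placeholder addresses.
LEFTSUBNETS = "{ 10.64.30.5/32 }"
RIGHTSUBNETS = "{ 10.128.0.0/9 10.65.0.0/16 }"
XFRM_POLICY = """\
src 10.64.30.5/32 dst 10.128.0.0/9
    dir out priority 1040374 ptype main
    tmpl src 192.0.2.1 dst 198.51.100.1
src 10.128.0.0/9 dst 10.64.30.5/32
    dir fwd priority 1040374 ptype main
    tmpl src 198.51.100.1 dst 192.0.2.1
src 10.128.0.0/9 dst 10.64.30.5/32
    dir in priority 1040374 ptype main
    tmpl src 198.51.100.1 dst 192.0.2.1
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")  # unindented, so tmpl lines never match
DIRECTION = re.compile(r"^\s+dir (\w+)")        # indented direction line of a policy

def parse_subnets(value):
    """Parse a subnets value such as '{ a/len b/len }' into network objects."""
    items = re.split(r"[\s,]+", value.strip("{} \t"))
    return [ipaddress.ip_network(s, strict=False) for s in items if s]

def parse_policies(text):
    """Return the set of (src, dst, dir) triples found in `ip xfrm policy` output."""
    policies, current = set(), None
    for line in text.splitlines():
        if m := SELECTOR.match(line):
            current = tuple(ipaddress.ip_network(x, strict=False) for x in m.groups())
        elif (m := DIRECTION.match(line)) and current:
            policies.add((*current, m[1]))
    return policies

def missing_tunnels(left, right, policies):
    """Map each expected left/right pair to the policy directions it lacks."""
    missing = {}
    for l, r in product(left, right):
        want = {(l, r, "out"), (r, l, "in"), (r, l, "fwd")}  # assumed per-pair set
        gone = sorted(d for *_, d in want - policies)
        if gone:
            missing[(str(l), str(r))] = gone
    return missing

if __name__ == "__main__":
    found = parse_policies(XFRM_POLICY)
    pairs = missing_tunnels(parse_subnets(LEFTSUBNETS), parse_subnets(RIGHTSUBNETS), found)
    for (l, r), dirs in pairs.items():
        print(f"no policy for {l} <-> {r}: missing dir {', '.join(dirs)}")
```

A pair reported here is one whose negotiation to look for in the libreswan logs, as the reply suggests.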

