[Swan] LibreSwan VPN Established | No Data Passing Through
Paul Wouters
paul at nohats.ca
Fri Nov 18 18:07:24 EET 2022
On Fri, 18 Nov 2022, Kumar P S Udai wrote:
> One is at the HO establishing connection to three other branch offices, while all three are
> getting connected, at one branch office the public IP is not configured on the machine directly,
> but on an external vendor's router. Initially I had trouble establishing connection to this unit,
> but after a lot of reading and config change, the connection is getting established now, but I
> cannot ping or reach each other. Attaching the config details FYI please. Would appreciate any
> help from the community.
> ON MACHINE PLUTO
> 000 #45: "PLSUBNET" esp.716c376b@9.8.7.6 esp.fdc71b0a@10.10.128.100 tun.0@9.8.7.6
> tun.0@10.10.128.100 Traffic: ESPin=1KB ESPout=0B! ESPmax=0B
Note traffic coming in, but no traffic going out.
> ON MACHINE EUROPA
> 000 #6276: "PLUTOSUBNET" esp.fdc71b0a@1.2.3.4 esp.716c376b@9.8.7.6 tun.0@1.2.3.4 tun.0@9.8.7.6
> Traffic: ESPin=0B ESPout=1KB! ESPmax=0B
> 000
Traffic going out, but no traffic coming in.
I suspect that on machine PLUTO, there is a NAT rule that ends up NATing
the traffic before it gets to be IPsec'ed.
On PLUTO try:
iptables -t nat -I POSTROUTING -s 192.168.14.0/24 -d 192.168.1.0/24 -j RETURN
Paul
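The check below is an added example, not part of the original message or of libreswan. It reads a nat-table dump and reports whether tunnel traffic is exempted before a source NAT rule rewrites it, which is the condition suspected above. The function name, the sample rule sets and the eth0 interface are constructed for illustration; source NAT rules are evaluated in the nat table's POSTROUTING chain, so that is the chain inspected.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables-save -t nat` output on
# stdin and reports what the first matching POSTROUTING rule does to traffic
# from SRC to DST: "exempt", "natted", or "no-nat" when nothing matches.
# Assumption: rules name the subnets with exactly the CIDR strings passed in;
# negated matches and user-defined chains are not followed.
nat_exempt_check() {
    awk -v src="$1" -v dst="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            s = ""; d = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-d") d = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # A rule with no -s or no -d matches every source or destination.
            if ((s == "" || s == src) && (d == "" || d == dst)) {
                if (target == "RETURN" || target == "ACCEPT") { verdict = "exempt"; exit }
                if (target == "MASQUERADE" || target == "SNAT") { verdict = "natted"; exit }
            }
        }
        END { if (verdict == "") verdict = "no-nat"; print verdict }
    '
}

# Constructed sample: only a MASQUERADE rule, so tunnel traffic is rewritten
# before the IPsec policy can match it.
sample_broken='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.14.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample: exemption for the tunnel subnets ahead of MASQUERADE.
sample_fixed='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.14.0/24 -d 192.168.1.0/24 -j RETURN
-A POSTROUTING -s 192.168.14.0/24 -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$sample_broken" | nat_exempt_check 192.168.14.0/24 192.168.1.0/24
printf '%s\n' "$sample_fixed"  | nat_exempt_check 192.168.14.0/24 192.168.1.0/24
```

On a live gateway the same function can be fed from `iptables-save -t nat` run as root.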