[Swan] LibreSwan VPN Established | No Data Passing Through

Kumar P S Udai kumar.udai at zuwissen.com
Sat Nov 19 20:14:36 EET 2022

Hi Paul
I tried the above step and a few other possibilities too, but there is no
change in result

000 #8: "PLSUBNET":4500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA);
EVENT_SA_REKEY in 26251s; newest ISAKMP; idle;
established); EVENT_SA_REKEY in 26637s; newest IPSEC; eroute owner;
isakmp#8; idle;
000 #9: "PLSUBNET" esp.1ef8c43f at esp.1e4d5a5 at
tun.0 at tun.0 at Traffic: ESPin=5KB ESPout=0B! ESPmax=0B

I use nftables on the machine and I added the equivalent command, but to no
avail.  Also for an experiment's sake, I disabled the NAT function on that
machine and kept only the filter ruleset, but even that did not change

Thanks, best regards


On Fri, 18 Nov 2022 at 21:37, Paul Wouters <paul at nohats.ca> wrote:

> On Fri, 18 Nov 2022, Kumar P S Udai wrote:
> > One is at the HO establishing connection to three other branch offices,
> while all three are
> > getting connected, at one branch office the public IP is not configured
> on the machine directly,
> > but on an external vendor's router.  Initially I had trouble
> establishing connection to this unit,
> > but after a lot of reading and config change, the connection is getting
> established now, but I
> > cannot ping or reach each other.  Attaching the config details FYI
> please.  Would appreciate any
> > help from the community.
> > 000 #45: "PLSUBNET" esp.716c376b at esp.fdc71b0a at
> tun.0 at
> > tun.0 at Traffic: ESPin=1KB ESPout=0B! ESPmax=0B
> Note traffic coming in, but no traffic going out.
> > 000 #6276: "PLUTOSUBNET" esp.fdc71b0a at esp.716c376b at
> tun.0 at tun.0 at
> > Traffic: ESPin=0B ESPout=1KB! ESPmax=0B
> > 000
> traffic going out, but no traffic coming in.
> I suspect that on machine PLUTO, there is a NAT rule that ends up NATing
> the traffic before it gets to be IPsec'ed
> On PLUTO try:
> iptables -I FORWARD -t nat -s  -d -j RETURN
> Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221119/554bbb0d/attachment.htm>

More information about the Swan mailing list