[Swan] Tunnel gets established, but machines can reach each other only for less than a minute

Paul Wouters paul at nohats.ca
Fri Feb 3 18:44:59 EET 2023


On Fri, 3 Feb 2023, ud at blueaquan.com wrote:

> Double checked this, rp_filter is disabled on all interfaces and ipv4 forwarding is enabled.  I use
> "nftables" on both ends and have double checked the rules to ensure packets from both these sites have
> bi-directional traffic enabled.  In fact to rule out nftables, I flushed all rules at both ends briefly
> for a min and tried to reach each other, but there's no change in status.

Then you need to do network captures to see if the packets are in fact
making it to the machine or not. If they are, double check
/proc/net/xfrm_stat for non-zero entries indicating problems.
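
Added example (not part of the original message): shell helpers for the /proc/net/xfrm_stat check suggested above. It goes one step beyond "non-zero" by diffing two snapshots taken around a failing test, since the counters are cumulative; the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for reading /proc/net/xfrm_stat (the file exists on
# kernels built with CONFIG_XFRM_STATISTICS). Function names are illustrative.

# xfrm_nonzero FILE: print every counter whose value is not zero.
xfrm_nonzero() {
    awk 'NF == 2 && $2 + 0 != 0 { print $1, $2 }' "$1"
}

# xfrm_delta BEFORE AFTER: print "name before after +delta" for each counter
# that grew between two snapshots. A counter that is non-zero but not growing
# is an old event; one that grows during the test is the one to look at.
xfrm_delta() {
    awk '
        FILENAME == ARGV[1] { before[$1] = $2; next }   # baseline snapshot
        NF == 2 && $2 + 0 > before[$1] + 0 {
            printf "%s %d %d +%d\n", $1, before[$1], $2, $2 - before[$1]
        }
    ' "$1" "$2"
}

# Live use on a gateway:
#   cat /proc/net/xfrm_stat > before.txt
#   ping -c 5 REMOTE_HOST        # reproduce the failure
#   cat /proc/net/xfrm_stat > after.txt
#   xfrm_delta before.txt after.txt

# demo: run xfrm_delta over two constructed snapshots (sample values, not
# taken from the thread).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'XfrmInError\t0\nXfrmInNoStates\t3\nXfrmInStateSeqError\t0\nXfrmInTmplMismatch\t0\nXfrmOutNoStates\t12\n' > "$tmp/before"
    printf 'XfrmInError\t0\nXfrmInNoStates\t3\nXfrmInStateSeqError\t0\nXfrmInTmplMismatch\t7\nXfrmOutNoStates\t15\n' > "$tmp/after"
    xfrm_delta "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

demo
```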


