[Swan] getting traffic in 1 direction only

Marc Marc at f1-outsourcing.eu
Sun Jan 14 20:16:48 EET 2024


This looks as expected for the IP of the ipsec client/peer:

:/etc/ipsec.d# ipsec showroute -4 192.168.x.3
publicip publicgwip 192.168.x.3

However, when I execute the same command for a local host, I get the same result.
:/etc/ipsec.d# ipsec showroute -4 192.168.x.15
publicip publicgwip 192.168.x.15

Should this not be something mentioning the ethX adapter or so?


https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2_split_VPN

> 
> If I do a ping on the ipsec client, I can see it arrive on the destination
> host with a tcpdump
> 
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 18:51:25.694274 IP 192.168.x.3 > 192.168.x.15: ICMP echo request, id 34, seq 278, length 64
> 18:51:26.677873 IP 192.168.x.3 > 192.168.x.15: ICMP echo request, id 34, seq 279, length 64
> 18:51:27.716212 IP 192.168.x.3 > 192.168.x.15: ICMP echo request, id 34, seq 280, length 64
> 18:51:28.722770 IP 192.168.x.3 > 192.168.x.15: ICMP echo request, id 34, seq 281, length 64
> 
> However, when I do a ping on the destination host to the ipsec client, I do not
> even see this ping enter the interface of the host where libreswan is
> running.
> 
> How should I resolve this? I have tried a bit with arping and
> enabling/disabling proxy arp on the host interface, but nothing seems to
> work
> (iptables is off and forwarding is on)