[Swan] getting traffic in 1 direction only

Marc Marc at f1-outsourcing.eu
Sun Jan 14 21:38:14 EET 2024


Managed to get it working by adding the arping to the updown script:

arping -c2 -i ${PLUTO_INTERFACE} -S ${PLUTO_PEER_CLIENT} 192.168.x.x

> 
> leftsubnet=192.168.x.0/24
> rightaddresspool=192.168.x.1-192.168.x.10
> 
> Is this even possible?
> 
> 
> 
> >
> > This looks as expected for the IP of the ipsec client/peer:
> >
> > :/etc/ipsec.d# ipsec showroute -4 192.168.x.3
> > publicip publicgwip 192.168.x.3
> >
> > However, when I execute the same command for a local host I get the same result.
> > :/etc/ipsec.d# ipsec showroute -4 192.168.x.15
> > publicip publicgwip 192.168.x.15
> >
> > Should this not be something mentioning the ethX adapter or so?
> >
> >
> >
> > https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2_split_VPN
> >
> > >
> > > If I do a ping on the ipsec client, I can see it arrive on the destination
> > > host with a tcpdump
> > >
> > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > > listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
> > > 18:51:25.694274 IP 192.168.x.3 > 192.168.x.15: ICMP echo request, id 34, seq 278, length 64
> > > 18:51:26.677873 IP 192.168.x.3 > 192.168.x.15: ICMP echo request, id 34, seq 279, length 64
> > > 18:51:27.716212 IP 192.168.x.3 > 192.168.x.15: ICMP echo request, id 34, seq 280, length 64
> > > 18:51:28.722770 IP 192.168.x.3 > 192.168.x.15: ICMP echo request, id 34, seq 281, length 64
> > >
> > > However when I do ping on the destination host to the ipsec client I do not
> > > even see this ping enter the interface of the host where libreswan is
> > > running.
> > >
> > > How should I resolve this? I have tried a bit with arping and
> > > enabling/disabling proxy arp on the host interface, but nothing seems to
> > > work
> > > (iptables is off and forwarding is on)
> > >
> > >
> > > _______________________________________________
> > > Swan mailing list
> > > Swan at lists.libreswan.org
> > > https://lists.libreswan.org/mailman/listinfo/swan
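
A sketch of the kind of updown wrapper described at the top of this message, as an added example that is not the poster's script or libreswan's own code. It assumes the script is configured through `leftupdown=`, that `PLUTO_PEER_CLIENT` arrives in address/mask form, and that the installed arping accepts the `-i`/`-S` flags used in the post; `LAN_TARGET`, `build_arping_cmd` and `run_updown` are hypothetical names, and the default address is a constructed placeholder for the elided 192.168.x.x.

```shell
#!/bin/sh
# Added example: wrapper around the stock updown script that announces a
# newly connected VPN client's address on the LAN with arping.
# LAN_TARGET stands in for the 192.168.x.x address elided in the post.
LAN_TARGET="${LAN_TARGET:-192.0.2.15}"   # constructed placeholder

# Print the arping command for this event; return 1 when none applies.
build_arping_cmd() {
    case "${PLUTO_VERB:-}" in
        up-client) ;;                 # only when a client tunnel comes up
        *) return 1 ;;
    esac
    # Interface name: allow only characters valid in a Linux ifname.
    case "${PLUTO_INTERFACE:-}" in
        ""|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    # Assumption: PLUTO_PEER_CLIENT is address/mask; act on single hosts only.
    addr="${PLUTO_PEER_CLIENT%/*}"
    mask="${PLUTO_PEER_CLIENT#*/}"
    [ "$mask" = "32" ] || return 1
    # Refuse anything but digits and dots before it reaches a command line.
    case "$addr" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    printf 'arping -c2 -i %s -S %s %s\n' \
        "$PLUTO_INTERFACE" "$addr" "$LAN_TARGET"
}

run_updown() {
    # Let the stock script handle routing first, then announce the client.
    ipsec _updown "$@" || return $?
    if cmd=$(build_arping_cmd); then
        # Safe to word-split: every field was validated above.
        $cmd || logger -t updown-arp "arping failed: $cmd"
    fi
}

# pluto always sets PLUTO_VERB; do nothing when the file is merely sourced.
if [ -n "${PLUTO_VERB:-}" ]; then
    run_updown "$@"
fi
```

Validating the `PLUTO_*` values before building the command keeps a malformed address or interface name from a peer-influenced variable out of the shell command line.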

