[Swan] thought I had connection with arping
Marc
Marc at f1-outsourcing.eu
Mon Jan 15 21:50:16 EET 2024
> >
> >
> > If I do a ping from the ipsec client to the host, it stalls.
> >
> > When I execute in the libreswan container this command
> >
> > arping -c 10 -i eth1 -S 192.168.x.3 192.168.11.15
> >
> > The ipsec client can ping the host but after 7 seconds, the ping stalls again.
The arping is only sending 10, then quits, and 7 seconds after that the ping stalls.
> >
> > Anyone had something like this?
>
> I'm a bit confused between your use of "ping" and "arping".
>
> If with libreswan stopped,
No, this is during a logged-in session.
> your arping is stalling, this would not be a
> libreswan issue.
No, the ping is stalling when I stop the simultaneously running arping.
> If with libreswan up, arping is causing stalls, that
> would indicate some issue related to the system with libreswan.
>
I just have problems getting this config running
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2_split_VPN
with such a config
leftsubnet=192.168.21.0/24
rightaddresspool=192.168.21.200-192.168.21.210
The problem is that somehow when the arping is stopped, remote hosts are 'forgetting' about the location of the ipsec clients. That is the problem to be solved. I have too little network tcp/ip knowledge what/why/when a remote host will forget about this ip.
I think the above configuration only works if one pings ip addresses that are on the host, I don't think hosts on the network can be reached.