Thank you very much for your answer Martin. This is exactly what happened.
However, now I'm facing troubles with the internal interface of the SG1. The pings now pass through the security gateway, it reaches the server, but then, when it comes back, it is blocked in the Security Gateway.

I have applied the command "echo 2 > /sys/devices/virtual/net/<br>/brif/<if>/multicast_router" on those vnet where needed.

Do you know if I am missing something? Does IPsec block the ping when it is going back to the client?

Thanks again!

Daniel

2013/5/27 Martin Willi <mar...@strongswan.org>

> Hi Daniel,
>
> > when listening to the bridge (br0), we can also see the ICMP packets.
> > Unfortunately, when listening to vnet0 or 10.0.0.3, we see no ICMP
> > packets.
>
> Linux bridges do not forward all packets with multicast MAC addresses
> anymore (see [1]).
>
> You can change the default behavior by using:
>
> echo 2 > /sys/devices/virtual/net/<br>/brif/<if>/multicast_router
>
> Regards
> Martin
>
> [1]
> http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#Snooping
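An added example, not part of the thread: a small shell audit that lists every bridge port with its multicast_router value and the bridge's multicast_snooping flag, so you can confirm the setting was actually applied on each vnet. The function names and the sample tree are constructed for illustration; the value meanings (0 never, 1 learned from queries, 2 always) are the standard Linux bridge semantics.

```shell
#!/bin/sh
# Added example: report how each Linux bridge port treats multicast frames.
# multicast_router: 0 = never forward, 1 = learn from queries (default),
# 2 = always forward all multicast to this port.

# audit_bridge_ports [ROOT]: ROOT is a sysfs net directory (default /sys/class/net).
audit_bridge_ports() {
    root=${1:-/sys/class/net}
    for port in "$root"/*/brif/*; do
        # Skips an unmatched glob as well as ports without the attribute.
        [ -r "$port/multicast_router" ] || continue
        br=${port%/brif/*}
        br=${br##*/}
        snoop=$(cat "$root/$br/bridge/multicast_snooping" 2>/dev/null || echo '?')
        val=$(cat "$port/multicast_router")
        case $val in
            0) state="never-forward" ;;
            1) state="auto" ;;
            2) state="always-forward" ;;
            *) state="other" ;;
        esac
        printf '%s %s snooping=%s multicast_router=%s %s\n' \
            "$br" "${port##*/}" "$snoop" "$val" "$state"
    done
}

# make_sample_tree DIR: constructed sysfs-like tree for offline runs
# (bridge br0 with ports vnet0 and vnet1; only vnet0 has been set to 2).
make_sample_tree() {
    mkdir -p "$1/br0/bridge" "$1/br0/brif/vnet0" "$1/br0/brif/vnet1"
    echo 1 > "$1/br0/bridge/multicast_snooping"
    echo 2 > "$1/br0/brif/vnet0/multicast_router"
    echo 1 > "$1/br0/brif/vnet1/multicast_router"
}

# Demo on the constructed tree; on a real host call audit_bridge_ports
# with no argument to read /sys/class/net.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_bridge_ports "$demo_dir"
rm -rf "$demo_dir"
```

A port that still shows "auto" on a bridge with snooping=1 is one where the echo 2 setting has not taken effect, for example because the interface was re-created after the command was run.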