On 2014-02-26, Josh <mylis...@gmail.com> wrote:
> Hi @misc,
>
> I am facing an issue between two boxes (box1 and box2) connected
> through an IPsec tunnel.
> They are both on the same subnet and both listen on port 22 (sshd running).
>
> When the ipsec tunnel is down and encap routes are flushed on both
> boxes (ipsecctl -F), performing a "telnet ip_of_box1 22" on box1 works
> fine. Same on box2.
> However, when the ipsec tunnel is up, performing the same telnet
> command on box1 will just time out. Same timeout on box2. Reaching
> box1 from box2 and vice versa is not a problem.
>
> I am not sure I understand why I can't reach the local IP address
> when the tunnel is up.

Try tcpdumping packets going over the ipsec tunnel; do you see those packets
which should be local actually being sent over the tunnel? If so, I don't have
an answer for this, but I've seen it myself, though only with manually
configured ipsec rather than IKE (though I've only really tried IKEv1 with
isakmpd, not IKEv2). I've mentioned it to a few people but haven't heard any
possible explanations yet.
