I think that is why there is no automatic SA established, because there is
no GRE traffic to trigger the swanctl policy in the first place. That's why
only the manual command establishes the child SA.
On Tue, 1 Aug 2017 at 09:48 M87tech [Jon] <m87t...@gmail.com> wrote:
> Nothing on any of the GRE interfaces, not a peep, no counters no nothing.
> :-(
>
>
> On Tue, 1 Aug 2017 at 09:43 Timo Teras <timo.te...@iki.fi> wrote:
>
>> On Tue, 01 Aug 2017 08:29:40 +0000
>> "M87tech [Jon]" <m87t...@gmail.com> wrote:
>>
>> > Ok understood, in that case ipsec encapsulates it and provides the
>> > tunnel to reach the endpoint that lives (in my case) behind nat and
>> > as you say, as I'm only stating the public address to be resolved in
>> > the nhrp section, so I can imagine then it could get confused and
>> > possibly drop the packet.
>> >
>> > I don't even think it's getting to the point of getting confused so far
>> > though. Ideally I need to look at the encrypted traffic to see if
>> > there is any nhrp being sent down it. Also I'm not seeing anything
>> > in the debug logs on either side to give me some hints into why it's
>> > failing?
>> >
>> > I'll have another bash at this tonight.
>>
>> tcpdump the GRE interface. You should be able to see all NHRP traffic
>> there in plaintext. Wireshark is also able to analyze it.
>>
>> Timo
>>
> --
> M87 TECH
> Jon Clayton
>
> --
M87 TECH
Jon Clayton
_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel