On 1/21/19 6:36 AM, Alex wrote:
> Hi,
>
> I have a fedora29 system with shorewall-5.2.0.4 and trying to add road
> warriors through the VPN from a similar system with fedora29 and
> shorewall-5.2.0.4 with a dynamic IP.
>
> [159401.601943] IPv4: martian source 192.168.1.2 from 192.168.6.1, on dev br0
> [159401.601959] ll header: 00000000: 0c c4 7a a9 18 de a4 15 88 a9 30 b7 08 00 ..z.......0...
>
> I've set up 192.168.1.0/24 and 192.168.6.0/24 in the vpn zone in hosts.
>
> I'm not sure which config settings to include here in the message
> body, so thought I would include "shorewall dump" for both systems.
> I'm hoping someone can help me identify the issue.
>
> # VPN server
> https://pastebin.com/70zAaW0u
>
> # road warrior client
> https://pastebin.com/AFGMtsWK
>

The problem is that eth1 is associated with 192.168.6.0/24, but a packet with source IP 192.168.6.1 is being received through br0. On the VPN client, the loopback interface has been assigned that IP address, which is a duplicate of the IP address of eth1 on the server.

-Tom
--
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \    an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
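
The diagnosis in the reply above can be reproduced from the two kernel log lines alone. The following Python script is an added example, not part of the original thread: it parses the martian line and its link-layer header, then checks the source address against an interface-to-subnet table. The table is an assumption (eth1's subnet is stated in the reply, br0's is inferred from the destination address), and the function names are illustrative.

```python
import ipaddress
import re

# The two kernel log lines quoted in the thread (mail line wrap undone).
LOG = """\
[159401.601943] IPv4: martian source 192.168.1.2 from 192.168.6.1, on dev br0
[159401.601959] ll header: 00000000: 0c c4 7a a9 18 de a4 15 88 a9 30 b7 08 00
"""

# Assumption: eth1's subnet is stated in the reply; br0's is inferred.
INTERFACES = {
    "eth1": ipaddress.ip_network("192.168.6.0/24"),
    "br0": ipaddress.ip_network("192.168.1.0/24"),
}

# The kernel prints the destination first, then the source, then the ingress device.
MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL_HEADER = re.compile(r"ll header: [0-9a-f]+: ((?:[0-9a-f]{2} ?)+)")

def parse_martians(log):
    """Return one dict per martian line, with the following ll header merged in."""
    events = []
    for line in log.splitlines():
        m, h = MARTIAN.search(line), LL_HEADER.search(line)
        if m:
            events.append({"dst": ipaddress.ip_address(m[1]),
                           "src": ipaddress.ip_address(m[2]), "dev": m[3]})
        elif h and events:
            raw = bytes.fromhex(h[1])[:14]
            if len(raw) == 14:  # Ethernet: dst MAC, src MAC, EtherType
                events[-1].update(dst_mac=raw[:6].hex(":"), src_mac=raw[6:12].hex(":"),
                                  ethertype=int.from_bytes(raw[12:], "big"))
    return events

def owning_interface(addr, interfaces=INTERFACES):
    # Name of the interface whose subnet contains addr, or None.
    return next((n for n, net in interfaces.items() if addr in net), None)

def diagnose(event, interfaces=INTERFACES):
    """Explain the martian: a locally owned source arriving on another device."""
    owner = owning_interface(event["src"], interfaces)
    if owner and owner != event["dev"]:
        return (f"{event['src']} is in {owner}'s subnet but arrived on {event['dev']} "
                f"from MAC {event.get('src_mac', 'unknown')}: look for a duplicate address")
    return f"{event['src']} on {event['dev']}: no conflict with the interface table"

if __name__ == "__main__":
    print(*map(diagnose, parse_martians(LOG)), sep="\n")
```

The source MAC decoded from the ll header identifies the device that put the frame on br0, which is where to look for the conflicting address assignment.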