Re: [Swan] Traffic not routing down tunnel

Sat, 17 Jan 2015 07:13:45 -0800 

Hello Nick:

have added the left and right source ip's to be:

leftsourceip=10.1.10.1
rightsourceip=10.2.10.1

and for my iptables on POSTROUTING:

-I POSTROUTING -s 10.1.0.0/16 -d 10.2.0.0/16 -j RETURN  # Left Side
-I POSTROUTING -s 10.2.0.0/16 -d 10.1.0.0/16 -j RETURN  # Right Side

then tried testing with:

ping -c 4 -I 10.1.10.1 10.2.10.1

but still no response and no drops logged :(

Thanks, Phil

----- Original Message -----
From: "Nick Howitt" <[email protected]>
To: "Phil Daws" <[email protected]>, [email protected]
Sent: Saturday, 17 January, 2015 15:07:05
Subject: Re: [Swan] Traffic not routing down tunnel

With that config you will not be able to ping to or from either gateway through 
the VPN but you should be able to ping from LAN to LAN. To ping to or from a 
gateway, please add left/rightsourceip as your gateway's LAN IP. 

Also have you set any firewall rules for the tunnel? 

Nick 

On 17/01/2015 14:44, Phil Daws wrote: 



Hello:

Have defined a tunnel that is connecting okay but no traffic appears to be 
directed down it.  On each side I have:

conn ipsec
        type=tunnel
        authby=secret
        connaddrfamily=ipv4
        left=37.XXX.XXX.XXX
        leftsubnet=10.1.0.0/16
        right=88.XXX.XXX.XXX
        rightsubnet=10.2.0.0/16
        esp=3des-md5-96
        keyexchange=ike
        pfs=yes
        auto=start

ipsec auto --status shows:

000 Total IPsec connections: loaded 1, active 1

and ip xfrm policy:

src 10.1.0.0/16 dst 10.2.0.0/16
        dir out priority 2608 ptype main
        tmpl src 37.XXX.XXX.XXX dst 88.XXX.XXX.XXX
                proto esp reqid 16385 mode tunnel
src 10.2.0.0/16 dst 10.1.0.0/16
        dir fwd priority 2608 ptype main
        tmpl src 88.XXX.XXX.XXX dst 37.XXX.XXX.XXX
                proto esp reqid 16385 mode tunnel
src 10.2.0.0/16 dst 10.1.0.0/16
        dir in priority 2608 ptype main
        tmpl src 88.XXX.XXX.XXX dst 37.XXX.XXX.XXX
                proto esp reqid 16385 mode tunnel

so to an untrained eye all looks okay so as confused why its not working :(

Appreciate any help please.

Thanks. Phil

(null)
(null)
_______________________________________________
Swan mailing list [email protected] 
https://lists.libreswan.org/mailman/listinfo/swan 



(null)
(null)
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to