On Tue, 10 May 2016, Frank wrote:

> I’m trying to set up an ipsec connection from a recent centos7 box to a pfSense
> with strongSwan (charon), as a test before connecting to a remote ciscoASA.
> SA's seem up.
> I can't get traffic to the other side (host on 192.168.211.2 or .12):
> 192.168.1.0/24===xxx.xxx.39.68<xxx.xxx.39.68>...yyy.yyy.13.34<yyy.yyy.13.34>===192.168.211.0/24
> ping 192.168.211.2
> PING 192.168.211.2 (192.168.211.2) 56(84) bytes of data.
> From xxx.xxx.39.68 icmp_seq=1 Destination Host Unreachable

Oddly, this used your public IP as source, instead of the one you
specified with leftsourceip=192.168.1.2

Does ping -I 192.168.1.2 192.168.211.2 work?

> ip route:
> default via xxx.xxx.39.78 dev eth4
> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2
> 192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.2
> 192.168.3.0/24 dev eth3 proto kernel scope link src 192.168.3.2
> 192.168.211.0/24 dev eth4 scope link src 192.168.1.2

It's there, so why is ping using the wrong source IP?

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
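
The comparison made in the reply above, as an added example that is not part of the original message or of libreswan: it looks up the route for the remote host in the posted `ip route` output and checks both the route's `src` hint and the address ping printed against `leftsourceip`. The route table and ping line are copied from the post with addresses masked as posted; the function names are hypothetical, and the lookup assumes plain unicast routes in one table (no metrics or policy rules).

```python
import ipaddress
import re

# Copied from the post; the public addresses are masked there and stay masked.
IP_ROUTE = """\
default via xxx.xxx.39.78 dev eth4
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2
192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.2
192.168.3.0/24 dev eth3 proto kernel scope link src 192.168.3.2
192.168.211.0/24 dev eth4 scope link src 192.168.1.2
"""
PING_LINE = "From xxx.xxx.39.68 icmp_seq=1 Destination Host Unreachable"


def parse_routes(text):
    """Parse `ip route` lines into dicts holding prefix, dev, via and src."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        route = {"net": ipaddress.ip_network(prefix), "dev": None, "via": None, "src": None}
        # Pick out only the keywords needed here; other tokens are ignored.
        for key, value in zip(fields[1:], fields[2:]):
            if key in ("dev", "via", "src"):
                route[key] = value
        routes.append(route)
    return routes


def lookup(routes, dst):
    """Longest-prefix match for dst (simplified: no metrics, no policy rules)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen) if hits else None


def check_source(route_text, ping_line, dst, expected_src):
    """Compare the route's src hint and ping's From address with expected_src."""
    route = lookup(parse_routes(route_text), dst)
    match = re.match(r"From (\S+) icmp_seq=", ping_line)
    reported = match.group(1) if match else None
    return {
        "dev": route["dev"] if route else None,
        "route_src": route["src"] if route else None,
        "ping_from": reported,
        "route_matches": bool(route) and route["src"] == expected_src,
        "ping_matches": reported == expected_src,
    }
```

On the posted data the route for 192.168.211.2 carries the expected `src` hint while the address ping printed does not match it, which is the discrepancy the reply asks about.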