On Wed, 6 Jul 2016, Jesse Butcher wrote:

> We have successfully established SA's with no errors but I am having trouble
> configuring the routing on our side.

You do not need to manually change any routing for IPsec to work.

More likely, you are NATing packets meant for IPsec. You might need
to update your SNAT or MASQUERADE rules to not apply when the packets
are meant for IPsec tunnels.

something like:

iptables -t nat -I POSTROUTING -s 10.0.0.0/8 -o eth+ -m policy --dir out --pol none -j MASQUERADE

This would ensure packets that have a --pol ipsec would not get NAT'ed.

Paul
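
Added example, not part of the original message: a small audit of `iptables-save -t nat` output that lists POSTROUTING SNAT/MASQUERADE rules which could still rewrite packets bound for an IPsec tunnel. The function name `audit_nat_rules`, the sample ruleset and the 192.168.0.0/16 rule are constructed for illustration; treating an earlier `--pol ipsec -j ACCEPT` rule as a blanket exemption is a simplifying assumption.

```shell
#!/bin/sh
# Reads `iptables-save -t nat` style text on stdin and prints every
# POSTROUTING SNAT/MASQUERADE rule that is not limited to "--pol none".
audit_nat_rules() {
    in_nat=0
    exempt=0   # set once an earlier rule ACCEPTs packets matching an IPsec policy
    while IFS= read -r line; do
        case "$line" in
            '*nat') in_nat=1; exempt=0; continue ;;
            '*'*)   in_nat=0; continue ;;          # some other table
        esac
        [ "$in_nat" -eq 1 ] || continue
        case "$line" in
            '-A POSTROUTING '*) ;;
            *) continue ;;                         # chain headers, COMMIT, other chains
        esac
        case "$line" in
            # Assumption: an ACCEPT on --pol ipsec exempts all later NAT rules.
            *'--dir out'*'--pol ipsec'*'-j ACCEPT'*) exempt=1; continue ;;
        esac
        case "$line" in
            *'-j MASQUERADE'*|*'-j SNAT'*) ;;
            *) continue ;;
        esac
        [ "$exempt" -eq 1 ] && continue
        case "$line" in
            *'--dir out'*'--pol none'*) continue ;; # already skips IPsec traffic
        esac
        printf '%s\n' "$line"
    done
}

# Constructed sample: the first rule NATs everything, the second is the
# form suggested in the message above.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/16 -o eth+ -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/8 -o eth+ -m policy --dir out --pol none -j MASQUERADE
COMMIT'

# Prints only the 192.168.0.0/16 rule.
printf '%s\n' "$SAMPLE_RULES" | audit_nat_rules
```

On a live gateway the same function can be fed with `iptables-save -t nat | audit_nat_rules`; an empty result means no NAT rule was found that ignores the IPsec policy match.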
