On Wed, 6 Jul 2016, Jesse Butcher wrote:
> We have successfully established SA's with no errors but I am having trouble configuring the routing on our side.

You do not need to manually change any routing for IPsec to work. More likely, you are NATing packets meant for IPsec. You might need to update your SNAT or MASQUERADE rules to not apply when the packets are meant for IPsec tunnels. Something like:

    iptables -t nat -I POSTROUTING -s 10.0.0.0/8 -o eth+ -m policy --dir out --pol none -j MASQUERADE

This would ensure packets that have a --pol ipsec would not get NAT'ed.

Paul
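
One way to check an existing ruleset for the problem described in the reply above, as an added example that is not part of the original message: it scans iptables-save output for POSTROUTING SNAT/MASQUERADE rules that lack the `-m policy --dir out --pol none` match. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Audit iptables-save output: list nat POSTROUTING SNAT/MASQUERADE rules that
# lack an IPsec policy exemption ("-m policy --dir out --pol none").
# Real use (as root):  iptables-save | unexempted_nat_rules

# Constructed sample ruleset in iptables-save format (not from the thread).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o eth+ -m policy --dir out --pol none -j MASQUERADE
-A POSTROUTING -s 172.16.0.0/12 -o eth1 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m policy --dir in --pol ipsec -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints every source-NAT rule that
# would also rewrite packets matched by an outbound IPsec policy.
unexempted_nat_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }        # track the current table
        table != "nat" { next }                      # only the nat table matters
        $1 != "-A" || $2 != "POSTROUTING" { next }   # only POSTROUTING rules
        !/-j (MASQUERADE|SNAT)/ { next }             # only source-NAT targets
        /-m policy/ && /--dir out/ && /--pol none/ { next }   # already exempt
        { print }                                    # NAT applies to IPsec traffic
    '
}

# Demo on the constructed sample: prints the 10.0.0.0/8 and 172.16.0.0/12 rules.
sample_rules | unexempted_nat_rules
```

A ruleset that instead exempts tunnel traffic with an earlier `--pol ipsec -j ACCEPT` rule in POSTROUTING is still reported by this check; review those hits by hand.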
