On Mon, 11 Sep 2017, Whit Blauvelt wrote:
> The IP is local on the machine, as I said. It is a fixed IP from a set of
> public IPs assigned to an interface on the machine running Libreswan. This
> is the machine which is a firewall in our office. There is no NAT between
> this IP and the upstream gateway. The only NAT involved is on the other end
> of the tunnel, on an AWS instance, which is not complaining.
>
> Another machine with a different subset from the same /27 block of public
> IPs, running Openswan, is similarly using one of those IPs for a tunnel, and
> there's no problem in that case.
>
> Pluto's logic in deciding whether an IP is "usable" looks to have become
> broken somewhere between Openswan 2.6.38 (from the Ubuntu 14.04 deb) and
> Libreswan 3.2.1 (from tar, running on Ubuntu 16.04). Is a workaround or fix
> possible?

I cannot do workarounds or fixes without understanding the problem.
Please send me offlist an "ipsec barf" when pluto is not running,
and then mail me the logs, that include plutodebug=all in ipsec.conf,
of the startup of pluto.

Mail me the uncensored info and the uncensored public IP involved.

Paul