On Wed, 9 May 2018, Thomas Stein wrote:
Now I have the routes in question. But still no internet connectivity.
000 000 #2: "my-vpn":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE_IF_USED in 27905s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate 000 #2: "my-vpn" [email protected] [email protected] [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B ESPout=2KB! ESPmax=4194303B username=myself
This is odd. Your IKE SA established, setup the IPsec SA successfully, and then vanished?
rather /etc/ipsec.d # ip r 0.0.0.0/1 dev wlan0 scope link src xxx.xxx.xxx.193 default via 192.168.178.1 dev wlan0 proto dhcp src 192.168.178.21 metric 2007 128.0.0.0/1 dev wlan0 scope link src xxx.xxx.xxx.193 192.168.178.0/24 dev wlan0 proto dhcp scope link src 192.168.178.21 metric 200
That looks good.
Am I supposed to have some iptables rules? I have non so far:
Nope. What does "ipsec whack --trafficstatus" show for the traffic counters? It would be useful to see the pluto logs too and see why your IKE SA died. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
