On 20/07/18 09:51, Roberto Suárez Soto wrote:
> On 20/07/18 at 01:43, John Crisp wrote:
>> However, once up I can only ping from the Libre end -> Endian.
>>
>> Once a ping has been sent, magically I can ping from the Endian back to
>> Libre
>
> I've seen this happen when the firewall at one end ("Libre", in this
> case) doesn't allow incoming IPSec connections, or maybe just ESP
> traffic (or, if encapsulated, 4500/udp). It doesn't work when initiating
> the connection (i.e., ping) from the other side, but when you do it from
> the Libre side, the replies get into the "related" state and are
> allowed. If this is the case, you may see the dropped packets in Libre's
> logs.
>
> My 2¢, anyway.
>
Thanks!

I was checking in the cold hard light of day after a decent night's sleep and noticed there is one significant difference I had missed.

The working versions are Proxmox VMs with virtual ethernet adaptors using a virtio_net driver on both the 'real' outside interface and the 'dummy' internal one. That puts the machine in server-gateway mode so the firewalling works etc etc.

But the two non-working machines have an ethernet dummy adaptor set up on the 'internal' interface and that has no driver.

I have reason to suspect that this may be the cause of my problems.

I'll post back once I test a bit more.

B. Rgds
John
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
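
The log check suggested in the quoted reply (looking for dropped inbound ESP, 500/udp or 4500/udp packets on the end that cannot be reached), as an added example that is not part of the original thread. It assumes drops are logged with the Linux netfilter LOG target; the `FW-DROP:` prefix, host name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the Linux netfilter LOG format. The "FW-DROP:"
# prefix, host name and addresses are made up for this example.
SAMPLE_LOG = """\
Jul 20 09:40:01 libre kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 LEN=152 TTL=54 PROTO=ESP SPI=0xc1a2b3c4
Jul 20 09:40:03 libre kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 LEN=160 TTL=54 PROTO=UDP SPT=4500 DPT=4500 LEN=140
Jul 20 09:40:05 libre kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=60 TTL=50 PROTO=TCP SPT=40112 DPT=23 SYN
Jul 20 09:40:09 libre kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 LEN=152 TTL=54 PROTO=ESP SPI=0xc1a2b3c4
Jul 20 09:40:11 libre kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 LEN=228 TTL=54 PROTO=UDP SPT=500 DPT=500 LEN=208
Jul 20 09:40:12 libre kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=71 TTL=50 PROTO=UDP SPT=5353 DPT=53 LEN=51
"""

FIELD = re.compile(r"(\w+)=(\S*)")
IPSEC_UDP_PORTS = {"500": "IKE (500/udp)", "4500": "NAT-T (4500/udp)"}

def classify(line, prefix="FW-DROP:"):
    """Return (src, kind) if the line is a dropped inbound IPsec packet, else None."""
    if prefix not in line:
        return None
    # Keep the first occurrence of each key: LEN appears twice on UDP lines.
    fields = {}
    for key, value in FIELD.findall(line.split(prefix, 1)[1]):
        fields.setdefault(key, value)
    if not fields.get("IN"):  # empty IN= means locally generated, not inbound
        return None
    proto = fields.get("PROTO")
    if proto == "ESP":
        return fields.get("SRC"), "ESP"
    if proto == "UDP" and fields.get("DPT") in IPSEC_UDP_PORTS:
        return fields.get("SRC"), IPSEC_UDP_PORTS[fields["DPT"]]
    return None

def dropped_ipsec(log_text, peer=None):
    """Count dropped IPsec packets per (source, kind), optionally for one peer."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit and (peer is None or hit[0] == peer):
            counts[hit] += 1
    return counts

if __name__ == "__main__":
    for (src, kind), n in sorted(dropped_ipsec(SAMPLE_LOG).items()):
        print(f"{src}: {n} dropped {kind} packet(s) inbound")
```

Hits for the tunnel peer's address while the tunnel is supposedly up point at the inbound firewall rules rather than at the IPsec configuration.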
