> Your outgoing bytes never made it to the IPsec stack.
>
> If multi homed, use ping -I with your source ip to pick the right source ip?
Not truly multihomed - aside from loopback, no other interface is
up. Did nevertheless as you suggested. No difference.
> If NATing, disable it for the IPsec ip ranges ?
Unfortunately, this is not feasible due to ISP limitations. On the
roadwarrior end, it is not possible at all. On the server end, I
theoretically might try, but the odds are rather against me, I am afraid.
> Check ip_forwarding and check rp_filter is disabled ?
Both is disabled on the roadwarrior/initiator.
Best regards,
Phil
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
