Hi Martin, Hi Andreas, Hi All,
After I established ipsec tunnel between two linux-pcs, and I found the following problem: I initiate ping form HNB (192.168.253.88 --- virtual ip) to GW (192.168.253.98- additional ip), but from tcpdump, I see: Only the packages go through normal tunnel (172.19.2.118 ----- 172.19.2.247) is ESP. And The packages go through virtual tunnel (192.168.253.88 ==== 192.168.253.98) is icmp Why this issue happened? Can you give me a hint to find out the root cause? Thank you! Tunnel has been established, it can be check with: ipsec status ---- Attached file: status.txt Ip -s xfrm policy: ---- Attached file: policy.txt Ip -s xfrm state: --- Attached file: state.txt Ip route list table 220: --- Attached file: route-table.txt Iptables -L: -----Attached file: iptables.txt Log: ------ Attached file: charon.out But from iptables.txt, on any item can be found. >From charon.out, it indicate "/lib/iptables/libipt_policy.so" is missing. In the GW side, I add one additional IP, ( -eth0:0 192.168.253.98). And the machine of GW has only one netcard. Tunnel is established in: 192.168.253.88 ====== 192.168.253.98. The configure file is enclosed: Ipsec(gw).conf and ipsec(client).conf Best Regards, David
Attached-file.rar
Description: Binary data
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
