-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Christian,
You need to use the "farp" plugin, if you use the IP from your LAN subnet. Otherwise the router on the LAN won't be able to resolve the IPs to MAC addresses. The "farp" plugin solves this issue by spoofing arp responses. Regards Noel Kuntze Am 09.12.2013 12:28, schrieb Christian Huldt: > I have on (old) openswan gateway with ipsec-psk and l2tp and one > strongswan 5.1.1 with ikev1 with certificates for users to connect to. > > I must however be doing something wrong as users connected to strongswan > cannot connect to internet, while users connected to openswan has no > problems at all. > > Apart from the ipsec implementation most things are equal, including to > firewall rules - in fact, strongswan replace openswan that worked just > like the remaining openswan gateway. > > tcpdump shows packets going out but not coming in, IPs are provided by > dhcp for strongswan, while openswan has a separate subnet... > > What is the best way to debug this? > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSpao+AAoJEDg5KY9j7GZYxGwP/0ZrA5qy/eB4zNaYmBLJU4Zb KMpIlmj+DCwlHFFtEvj2PgiH3TNqQ/tgGxArflQoB4IbIjyw+ApL+amIY58XGAZ4 TIu3siFQ/bSA9DT07O2QJ1BEePiLbzmvh7pfVCd5Nrl8W11hPocDxjbJERoe5Gr4 Z5uu6g26Hyn2IXga//RHyxV5Y1+zmg+kKmfDunD+3U5krqJcLwSGHq2H9BELjQrS jFJRhuZttQmzMe9vYV4qi5YaC9CPMXpt6NRmoX7ZV41FrRIV8nGR+HIpo8w8STYM jfeX4o4KNQHbYV+fPIaREGEWhrt6G44st7/9nsdhQm0nPVdbmzoaBcFeTqtyb+xq 1XZodfVVPSoyeojPCm2Lvnfj6NBD7wMts1Q5bI36NL7cIsKARVAJEWnCfppkQcut DF3Jy1IFqLOr4EKczwUqQz1yfXGYxW8J8iDIOC+yTmXeGnpIlnY3T3VDoB6XE5ej z5q0UmElaJrcMxPnkb5uQ26pqop2YpnVbuBOFhdk9M974jbpNaXGcrEfuGxcGdVA NkJ+wP2DtttqUAskgZHTEHfz4SUEH606huuECGOp8OEEBq+6+xCZEM9xIguhaNK1 SN8gmMNfOAbu2kCGqbf3s5pGOsYBEyhE3xC2P58xvGvnWk9pUGISITlRxn9pWzts Tq7ryfutEF5UGaTsb+7z =72TP -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
