Hi Noel, unfortunately I cannot stop using overlapping subnets because the idea is to route the whole internet traffic. I only took other subnets to reduce the complexity a little bit. Actually I have now taken the log a little bit under investigation and it seems that the passthrough-connection is not installed right: received stroke: add connection 'passthrough' Sep 4 17:15:26 pceapu-2 charon: 09[CFG] left nor right host is our side, assuming left=local Sep 4 17:15:26 pceapu-2 charon: 09[CFG] added configuration 'passthrough' Sep 4 17:15:26 pceapu-2 charon: 10[CFG] received stroke: route 'passthrough' Sep 4 17:15:26 pceapu-2 charon: 10[KNL] unable to install source route for 10.1.13.1
What I do not understand is, why it is not possible to determine our side because there is only one interface with 10.1.13.0/24. What I now take to consideration is that perhaps strongswan cannot handle this new naming of interfaces. On this router the interfaces are named like p4p1 and p5p1. That I actually do not know. Do you know more? OS: Ubuntu 14.04 and strongswan 5.1.2. Kind regards or viele Grüße :) Christian Hanster > On 03 Sep 2015, at 21:17, Noel Kuntze <[email protected]> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hello Christian, > > Make sure that any NAT rules don't break the tunnel, > that your routes on any hosts don't route traffic anywhere else > and stop using overlapping subnets, if you can. > - -- > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJV6JzlAAoJEDg5KY9j7GZYyKEQAJy0lN588igPKNjFGoKBHmd9 > sMrbjG5YRfP57azZk3xVJfR0el6fr/WgOVo7zdIjK137eVPfpfyHggpgj+WMlyy1 > +P69PoxjK1biZ8c4sJ3tAX7DXcDsr3a/Kge8FW71ETBixQM29XBG7d9s23sIwEss > rdMCwVDvwH2KiYojOgBTNhYQT07Vfe3y0ZTGJswfuMcW+v3FeqKJoLlVFJRqnV55 > AB7vFtPZ0CW9xx1ATG/tQfQroy4Efx+ykBdvawnF5Iw6eU8yTQGgSv5Oi1LxlBOJ > 2P7jTRaFrWCSm1WiaYriB2Tz57H47NwekCOVJ+t8IxALvPJn1v4hRzMbRF8aCCak > gG7RBW5+iueD5RAg2IhF3vHOaaDqrxhs289olIjHiDRfaEzVJYWFMJQBCEV1e+9R > J4lQCT7rp29kOdPFxTuOU9RpC1yqRKDW/qz8TFXgP6SgEuO3w/Ft264iyYmQrP1Z > utKlPiDhx0H+JXD5I6zhOxjhkPuFqeTX5xUsN40VQ88pLK0ZujP/9W7hbdb5mWkA > Uks3O0J2WHU7Wz059R/wXkv2PJS762uG8KwSXcY41rcmvToNH3enjlsApqgWfhBo > yA1iX4q8X4bylTRTAq8Ozt2HeA5ddV0QpumJ9ssQvS43udJHjOzuZWDrJDyZ2C2o > rKoU8F0kofHBGlaviS+C > =onju > -----END PGP SIGNATURE----- >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
