Isn't there a problem that you are adding overlapping routes? 10.1.0.0/16 covers 10.1.13.0/24. I think you need a MAST stack for this.
On Fri, Sep 4, 2015 at 10:51 AM, Christian Hanster <[email protected] > wrote: > Hello Noel, > > the arping is working: > arping -I p5p1 -D 10.1.13.100 > ARPING 10.1.13.100 from 0.0.0.0 p5p1 > Unicast reply from 10.1.13.100 [00:25:4B:CD:F4:64] 0.984ms > Sent 1 probes (1 broadcast(s)) > Received 1 response(s) > > In the meantime I have completely reinstalled the Gateway with a fresh > Ubuntu 14.04. That did not solve the problem. Than I changed the log level > of charon and there is something really strange: > > received stroke: add connection 'passthrough' > Sep 4 19:38:55 pceapu-2 charon: 08[CFG] left nor right host is our side, > assuming left=local > Sep 4 19:38:55 pceapu-2 charon: 08[CFG] added configuration 'passthrough' > Sep 4 19:38:55 pceapu-2 charon: 10[CFG] received stroke: route > 'passthrough' > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] adding policy 10.1.13.0/24 === > 10.1.13.0/24 out (mark 0/0x00000000) > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] adding policy 10.1.13.0/24 === > 10.1.13.0/24 in (mark 0/0x00000000) > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] adding policy 10.1.13.0/24 === > 10.1.13.0/24 fwd (mark 0/0x00000000) > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] getting a local address in > traffic selector 10.1.13.0/24 > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] using host 10.1.13.1 > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] using 192.168.1.1 as nexthop to > reach %any > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] 10.1.13.1 is on interface p5p1 > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] installing route: 10.1.13.0/24 > via 192.168.1.1 src 10.1.13.1 dev p5p1 > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] getting iface index for p5p1 > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] received netlink error: Network > is unreachable (101) > Sep 4 19:38:55 pceapu-2 charon: 10[KNL] unable to install source route > for 10.1.13.1 > > For me it seems like a bug that Strongswan wants to add a route with a > next hop in a passthrough connection. At the moment I’m not completely but > it seems to produce the error because this route does not makes in my eyes > any sense as 192.168.1.1 is reachable via p4p1 interface. > > Kind regards > Christian Hanster > > On 04 Sep 2015, at 19:35, Noel Kuntze <[email protected]> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Sorry, meant ARP, not DPD. > arping -I eth0 -D <IP> > > - -- > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJV6dZHAAoJEDg5KY9j7GZY2/4P+wQsKYoPaYesMCkTGzvlmy4O > R4Hq7TLsVekuBakLxxptrt3IE8T2XvTaV2wp16qtIul45SGwHH+34W3RD0IeQJEf > 8jc3kmuxdeszi9xVxo4HUDf72aBtZOos1v6Wt8UT30Syf2IBLPD1tdSUdlVIrX5X > 5EVG0/AukWHf0aAZXHi41V6H7wBd6UTd1P9i828OFzYx/4Nz06OK7RR2qV1jPP/g > 6Bgap0BnfxIc47Hs8CEZWtEMVQaCWfzCSEFAjsyymVNUZVnh2Tt4xRDJPPqoGGmQ > yoailqdIspZ3AeYmYzcC85/nRCKrjmdTcFXaJ5crEYQ9frjzcIQJ/f+qHLy5d9+J > 7JLVoEnFPBr2KwUqSJWlt0PhOwfnd4N5D3X5buwNl6+rBpfjgAjKZTvHWMeBc3IB > OJ2V+0TWb1J+5C2wJaH70MhK6QE5hXFNfg7hGmpGOIGybFksJ2hmnZtN2iuudKaH > sHapGdwMMQg3noVJPiZ7jDRVQM4sSuW/7TlrxGLOi+ghLFH9HL8zdQYSU1NmQSC8 > v15QmJ+1LMBB/x6gct7yZRci8NtA6fjxK3tMMi9ocqeMES4ix1TA25eFrN+V9mtP > 4K8SM3CJVf3cXTZK+99T9tnq2/raCsw5X57WXxjSZTGh/+F8k4O3pK8w16FJXfvM > b2+VSGM+vzncYRH7QZFw > =PFQz > -----END PGP SIGNATURE----- > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
