<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi Noel,<div class=""><br class=""></div><div class="">unfortunately I cannot stop using overlapping subnets because the idea is to route the whole internet traffic. I only took other subnets to reduce the complexity a little bit. Actually I have now taken the log a little bit under investigation and it seems that the passthrough-connection is not installed right: </div><div class=""><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">received stroke: add connection 'passthrough'</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Sep  4 17:15:26 pceapu-2 charon: 09[CFG] left nor right host is our side, assuming left=local</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Sep  4 17:15:26 pceapu-2 charon: 09[CFG] added configuration 'passthrough'</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Sep  4 17:15:26 pceapu-2 charon: 10[CFG] received stroke: route 'passthrough'</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Sep  4 17:15:26 pceapu-2 charon: 10[KNL] unable to install source route for 10.1.13.1</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px;" class="">What I do not understand is, why it is not possible to determine our side because there is only one interface with 10.1.13.0/24. What I now take to consideration is that perhaps strongswan cannot handle this new naming of interfaces. On this router the interfaces are named like p4p1 and p5p1. That I actually do not know. Do you know more? </div><div style="margin: 0px;" class=""><br class=""></div><div style="margin: 0px;" class="">OS: Ubuntu 14.04 and strongswan 5.1.2.</div><div style="margin: 0px;" class=""><br class=""></div><div style="margin: 0px;" class="">Kind regards or viele Grüße :) </div><div style="margin: 0px;" class="">Christian Hanster</div><div><blockquote type="cite" class=""><div class="">On 03 Sep 2015, at 21:17, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" class="">noel@familie-kuntze.de</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><br class="">-----BEGIN PGP SIGNED MESSAGE-----<br class="">Hash: SHA256<br class=""><br class="">Hello Christian,<br class=""><br class="">Make sure that any NAT rules don't break the tunnel,<br class="">that your routes on any hosts don't route traffic anywhere else<br class="">and stop using overlapping subnets, if you can.<br class="">- -- <br class=""><br class="">Mit freundlichen Grüßen/Kind Regards,<br class="">Noel Kuntze<br class=""><br class="">GPG Key ID: 0x63EC6658<br class="">Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br class=""><br class="">-----BEGIN PGP SIGNATURE-----<br class="">Version: GnuPG v2<br class=""><br class="">iQIcBAEBCAAGBQJV6JzlAAoJEDg5KY9j7GZYyKEQAJy0lN588igPKNjFGoKBHmd9<br class="">sMrbjG5YRfP57azZk3xVJfR0el6fr/WgOVo7zdIjK137eVPfpfyHggpgj+WMlyy1<br class="">+P69PoxjK1biZ8c4sJ3tAX7DXcDsr3a/Kge8FW71ETBixQM29XBG7d9s23sIwEss<br class="">rdMCwVDvwH2KiYojOgBTNhYQT07Vfe3y0ZTGJswfuMcW+v3FeqKJoLlVFJRqnV55<br class="">AB7vFtPZ0CW9xx1ATG/tQfQroy4Efx+ykBdvawnF5Iw6eU8yTQGgSv5Oi1LxlBOJ<br class="">2P7jTRaFrWCSm1WiaYriB2Tz57H47NwekCOVJ+t8IxALvPJn1v4hRzMbRF8aCCak<br class="">gG7RBW5+iueD5RAg2IhF3vHOaaDqrxhs289olIjHiDRfaEzVJYWFMJQBCEV1e+9R<br class="">J4lQCT7rp29kOdPFxTuOU9RpC1yqRKDW/qz8TFXgP6SgEuO3w/Ft264iyYmQrP1Z<br class="">utKlPiDhx0H+JXD5I6zhOxjhkPuFqeTX5xUsN40VQ88pLK0ZujP/9W7hbdb5mWkA<br class="">Uks3O0J2WHU7Wz059R/wXkv2PJS762uG8KwSXcY41rcmvToNH3enjlsApqgWfhBo<br class="">yA1iX4q8X4bylTRTAq8Ozt2HeA5ddV0QpumJ9ssQvS43udJHjOzuZWDrJDyZ2C2o<br class="">rKoU8F0kofHBGlaviS+C<br class="">=onju<br class="">-----END PGP SIGNATURE-----<br class=""><br class=""></div></blockquote></div><br class=""></div></body></html>