<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">So what’s that a MAST stack? Can you explain it to me? <div class=""><br class=""></div><div class="">Thanks :)</div><div class=""><div><blockquote type="cite" class=""><div class="">On 04 Sep 2015, at 19:54, Randy Wyatt <<a href="mailto:rwwyatt01@gmail.com" class="">rwwyatt01@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Isn't there a problem that you are adding overlapping routes? <a href="http://10.1.0.0/16" class="">10.1.0.0/16</a> covers <a href="http://10.1.13.0/24" class="">10.1.13.0/24</a>. I think you need a MAST stack for this.<br class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">On Fri, Sep 4, 2015 at 10:51 AM, Christian Hanster <span dir="ltr" class=""><<a href="mailto:christian-hanster@gmx.de" target="_blank" class="">christian-hanster@gmx.de</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">Hello Noel,<div class=""><br class=""></div><div class="">the arping is working: </div><div class=""><div style="margin:0px;font-size:11px;font-family:Menlo" class="">arping -I p5p1 -D 10.1.13.100</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">ARPING 10.1.13.100 from 0.0.0.0 p5p1</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Unicast reply from 10.1.13.100 [00:25:4B:CD:F4:64] 0.984ms</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sent 1 probes (1 broadcast(s))</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Received 1 response(s)</div><div class=""><br class=""></div></div><div class="">In the meantime I have completely reinstalled the Gateway with a fresh Ubuntu 14.04. That did not solve the problem. Than I changed the log level of charon and there is something really strange: </div><div class=""><br class=""></div><div class=""><span class=""><div style="margin:0px;font-size:11px;font-family:Menlo" class=""> received stroke: add connection 'passthrough'</div></span><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 08[CFG] left nor right host is our side, assuming left=local</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 08[CFG] added configuration 'passthrough'</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[CFG] received stroke: route 'passthrough'</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] adding policy <a href="http://10.1.13.0/24" target="_blank" class="">10.1.13.0/24</a> === <a href="http://10.1.13.0/24" target="_blank" class="">10.1.13.0/24</a> out (mark 0/0x00000000)</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] adding policy <a href="http://10.1.13.0/24" target="_blank" class="">10.1.13.0/24</a> === <a href="http://10.1.13.0/24" target="_blank" class="">10.1.13.0/24</a> in (mark 0/0x00000000)</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] adding policy <a href="http://10.1.13.0/24" target="_blank" class="">10.1.13.0/24</a> === <a href="http://10.1.13.0/24" target="_blank" class="">10.1.13.0/24</a> fwd (mark 0/0x00000000)</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] getting a local address in traffic selector <a href="http://10.1.13.0/24" target="_blank" class="">10.1.13.0/24</a></div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] using host 10.1.13.1</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] using 192.168.1.1 as nexthop to reach %any</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] 10.1.13.1 is on interface p5p1</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] installing route: <a href="http://10.1.13.0/24" target="_blank" class="">10.1.13.0/24</a> via 192.168.1.1 src 10.1.13.1 dev p5p1</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] getting iface index for p5p1</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] received netlink error: Network is unreachable (101)</div><div style="margin:0px;font-size:11px;font-family:Menlo" class="">Sep 4 19:38:55 pceapu-2 charon: 10[KNL] unable to install source route for 10.1.13.1</div></div><div style="margin:0px;font-size:11px;font-family:Menlo" class=""><br class=""></div><div style="margin:0px" class="">For me it seems like a bug that Strongswan wants to add a route with a next hop in a passthrough connection. At the moment I’m not completely but it seems to produce the error because this route does not makes in my eyes any sense as 192.168.1.1 is reachable via p4p1 interface. </div><div style="margin:0px" class=""><br class=""></div><div style="margin:0px" class="">Kind regards</div><span class="HOEnZb"><font color="#888888" class=""><div style="margin:0px" class="">Christian Hanster</div></font></span><div class=""><div class="h5"><div class=""><blockquote type="cite" class=""><div class="">On 04 Sep 2015, at 19:35, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" target="_blank" class="">noel@familie-kuntze.de</a>> wrote:</div><br class=""><div class=""><br class="">-----BEGIN PGP SIGNED MESSAGE-----<br class="">Hash: SHA256<br class=""><br class="">Sorry, meant ARP, not DPD.<br class="">arping -I eth0 -D <IP><br class=""><br class="">- -- <br class=""><br class="">Mit freundlichen Grüßen/Kind Regards,<br class="">Noel Kuntze<br class=""><br class="">GPG Key ID: 0x63EC6658<br class="">Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br class=""><br class="">-----BEGIN PGP SIGNATURE-----<br class="">Version: GnuPG v2<br class=""><br class="">iQIcBAEBCAAGBQJV6dZHAAoJEDg5KY9j7GZY2/4P+wQsKYoPaYesMCkTGzvlmy4O<br class="">R4Hq7TLsVekuBakLxxptrt3IE8T2XvTaV2wp16qtIul45SGwHH+34W3RD0IeQJEf<br class="">8jc3kmuxdeszi9xVxo4HUDf72aBtZOos1v6Wt8UT30Syf2IBLPD1tdSUdlVIrX5X<br class="">5EVG0/AukWHf0aAZXHi41V6H7wBd6UTd1P9i828OFzYx/4Nz06OK7RR2qV1jPP/g<br class="">6Bgap0BnfxIc47Hs8CEZWtEMVQaCWfzCSEFAjsyymVNUZVnh2Tt4xRDJPPqoGGmQ<br class="">yoailqdIspZ3AeYmYzcC85/nRCKrjmdTcFXaJ5crEYQ9frjzcIQJ/f+qHLy5d9+J<br class="">7JLVoEnFPBr2KwUqSJWlt0PhOwfnd4N5D3X5buwNl6+rBpfjgAjKZTvHWMeBc3IB<br class="">OJ2V+0TWb1J+5C2wJaH70MhK6QE5hXFNfg7hGmpGOIGybFksJ2hmnZtN2iuudKaH<br class="">sHapGdwMMQg3noVJPiZ7jDRVQM4sSuW/7TlrxGLOi+ghLFH9HL8zdQYSU1NmQSC8<br class="">v15QmJ+1LMBB/x6gct7yZRci8NtA6fjxK3tMMi9ocqeMES4ix1TA25eFrN+V9mtP<br class="">4K8SM3CJVf3cXTZK+99T9tnq2/raCsw5X57WXxjSZTGh/+F8k4O3pK8w16FJXfvM<br class="">b2+VSGM+vzncYRH7QZFw<br class="">=PFQz<br class="">-----END PGP SIGNATURE-----<br class=""><br class=""></div></blockquote></div><br class=""></div></div></div><br class="">_______________________________________________<br class="">
Users mailing list<br class="">
<a href="mailto:Users@lists.strongswan.org" class="">Users@lists.strongswan.org</a><br class="">
<a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank" class="">https://lists.strongswan.org/mailman/listinfo/users</a><br class=""></blockquote></div><br class=""><br clear="all" class=""><div class=""><br class=""></div><br class=""><div class="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><table width="93%" align="center" style="background-color:rgb(242,245,247)" border="0" cellspacing="0" cellpadding="4" class=""><tbody class=""><tr class=""><td valign="top" style="width:169px;line-height:155%" class=""><font face="Verdana, Arial" style="font-size:11px;margin-top:4px" valign="top" class=""><b class=""></b></font></td><td valign="top" class=""><span style="color:rgb(0,51,102);font-size:18px;font-weight:bold" class=""><font color="#1155cc" class=""><br class=""></font></span></td></tr></tbody></table></div></div></div></div></div></div></div>
</div></div>
</div></blockquote></div><br class=""></div></body></html>