<div dir="ltr">I am trying to get two networks to flow Multicast traffic. I built a custom Strongswan using the latest version: 5.7.1. Tunnels is up and working but still no multicast traffic.<div><br></div><div>My ipsec statusall</div><div><br></div><div>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Status of IKE charon daemon (strongSwan 5.7.1, Linux 4.15.0-1027-aws, x86_64):</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">  </span>uptime: 36 minutes, since Nov 14 12:55:58 2018</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">  </span>malloc: sbrk 4796416, mmap 532480, used 3212832, free 1583584</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">  </span>worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 3</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">  </span>loaded plugins: charon unbound pkcs11 aesni aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru newhope bliss files attr kernel-pfkey kernel-netlink resolve socket-default socket-dynamic bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp p-cscf whitelist lookip error-notify certexpire led duplicheck radattr addrblock unity counters</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Listening IP addresses:</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">  </span>10.77.0.104</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Connections:</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn:<span class="gmail-Apple-converted-space">  </span>10.77.0.104...xxxxxxx<span class="gmail-Apple-converted-space">  </span>IKEv2, dpddelay=30s</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn: <span class="gmail-Apple-converted-space">  </span>local:<span class="gmail-Apple-converted-space">  </span>[yyyyyyyy] uses pre-shared key authentication</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn: <span class="gmail-Apple-converted-space">  </span>remote: [xxxxxxxx] uses pre-shared key authentication</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn: <span class="gmail-Apple-converted-space">  </span>child:<span class="gmail-Apple-converted-space">  </span><a href="http://10.77.0.96/28">10.77.0.96/28</a> <a href="http://224.10.0.0/16">224.10.0.0/16</a> <a href="http://239.1.0.0/23">239.1.0.0/23</a> === <a href="http://10.50.10.0/25">10.50.10.0/25</a> <a href="http://224.10.0.0/16">224.10.0.0/16</a> <a href="http://239.1.0.0/23">239.1.0.0/23</a> TUNNEL, dpdaction=hold</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Shunted Connections:</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Bypass LAN <a href="http://10.77.0.96/28">10.77.0.96/28</a>:<span class="gmail-Apple-converted-space">  </span><a href="http://10.77.0.96/28">10.77.0.96/28</a> === <a href="http://10.77.0.96/28">10.77.0.96/28</a> PASS</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Bypass LAN <a href="http://10.77.0.97/32">10.77.0.97/32</a>:<span class="gmail-Apple-converted-space">  </span><a href="http://10.77.0.97/32">10.77.0.97/32</a> === <a href="http://10.77.0.97/32">10.77.0.97/32</a> PASS</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Bypass LAN fe80::/64:<span class="gmail-Apple-converted-space">  </span>fe80::/64 === fe80::/64 PASS</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Routed Connections:</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn{1}:<span class="gmail-Apple-converted-space">  </span>ROUTED, TUNNEL, reqid 1</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn{1}: <span class="gmail-Apple-converted-space">  </span><a href="http://10.77.0.96/28">10.77.0.96/28</a> <a href="http://224.10.0.0/16">224.10.0.0/16</a> <a href="http://239.1.0.0/23">239.1.0.0/23</a> === <a href="http://10.50.10.0/25">10.50.10.0/25</a> <a href="http://224.10.0.0/16">224.10.0.0/16</a> <a href="http://239.1.0.0/23">239.1.0.0/23</a></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Security Associations (1 up, 0 connecting):</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn[1]: ESTABLISHED 36 minutes ago, 10.77.0.104[100.24.163.130]...xxxxxxx[xxxxxxxx]</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn[1]: IKEv2 SPIs: e52d72342f2f6068_i 0e26010c583bd313_r*, pre-shared key reauthentication in 23 hours</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn[1]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn{2}:<span class="gmail-Apple-converted-space">  </span>INSTALLED, TUNNEL, reqid 2, ESP SPIs: c43bcd7c_i b7177b76_o</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn{2}:<span class="gmail-Apple-converted-space">  </span>AES_CBC_256/HMAC_SHA1_96, 2782 bytes_i, 110544 bytes_o (1316 pkts, 0s ago), rekeying in 7 hours</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">multicast-conn{2}: <span class="gmail-Apple-converted-space">  </span><a href="http://10.77.0.96/28">10.77.0.96/28</a> <a href="http://224.10.0.0/16">224.10.0.0/16</a> <a href="http://239.1.0.0/23">239.1.0.0/23</a> === <a href="http://10.50.10.0/25">10.50.10.0/25</a> <a href="http://224.10.0.0/16">224.10.0.0/16</a> <a href="http://239.1.0.0/23">239.1.0.0/23</a></span></p></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br></div><div class="gmail_signature" data-smartmail="gmail_signature">My ipsec config:</div><div class="gmail_signature" data-smartmail="gmail_signature"><br></div><div class="gmail_signature" data-smartmail="gmail_signature">





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">config setup</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span># charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4,<span class="gmail-Apple-converted-space">  </span>mgr 4"</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>charondebug="cfg 2, esp 2"</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">conn </span><span style="font-variant-ligatures:no-common-ligatures">config setup</span></p>






<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span># charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4,<span class="gmail-Apple-converted-space">  </span>mgr 4"</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>charondebug="cfg 2, esp 2"</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">conn seedcx-etale-aws</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>keyexchange=ikev2</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>authby=secret</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># My network</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>left=10.77.0.104</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>leftsubnet=<a href="http://10.77.0.96/28,224.10.0.0/16,239.1.1.0/23">10.77.0.96/28,224.10.0.0/16,239.1.1.0/23</a></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>leftid=yyyyyyyyyyyy</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>leftfirewall=yes</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># Peer<span class="gmail-Apple-converted-space">  </span>Network</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>right=xxxxxxxxxxx</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>rightid=xxxxxxxxx</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>rightsubnet=<a href="http://10.50.10.0/25,224.10.0.0/16,239.1.1.0/23">10.50.10.0/25,224.10.0.0/16,239.1.1.0/23</a></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># CIPHERS</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>ike=aes256-sha-modp1024</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>esp=aes256-sha</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># REKEYING</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>ikelifetime=86400</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>lifetime=28800</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>rekeymargin=3m</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>keyingtries=3</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># CONTROL</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>lefthostaccess=yes</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>#righthostaccess=yes</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>dpdaction=hold</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>mark=%unique</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>auto=route</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>keyexchange=ikev2</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       </span>authby=secret</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><br></p></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br></div><div class="gmail_signature" data-smartmail="gmail_signature">My forecast conf</div><div class="gmail_signature" data-smartmail="gmail_signature"><br></div><div class="gmail_signature" data-smartmail="gmail_signature">





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">forecast {</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85);min-height:16px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span># Multicast groups to join locally, allowing forwarding of them.</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>groups = <a href="http://224.10.0.0/16,239.1.1.0/23">224.10.0.0/16,239.1.1.0/23</a></span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85);min-height:16px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span># Local interface to listen for broadcasts to forward.</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>interface =<span class="gmail-Apple-converted-space">  </span>eth0</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85);min-height:16px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span># Whether to load the plugin. Can also be an integer to increase the</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span># priority of this plugin.</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>load = yes</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85);min-height:16px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span># CHILD_SA configurations names to perform multi/broadcast reinjection.</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span># reinject = </span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85);min-height:16px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">}</span></p></div><div class="gmail_signature" data-smartmail="gmail_signature"><br></div><div class="gmail_signature" data-smartmail="gmail_signature">My iptables -L</div><div class="gmail_signature" data-smartmail="gmail_signature">





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">hain INPUT (policy ACCEPT)</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">target <span class="gmail-Apple-converted-space">    </span>prot opt source <span class="gmail-Apple-converted-space">              </span>destination<span class="gmail-Apple-converted-space">         </span></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>ip-10-77-0-96.ec2.internal/28<span class="gmail-Apple-converted-space">  </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>ip-10-77-0-96.ec2.internal/28<span class="gmail-Apple-converted-space">  </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span>ip-10-77-0-96.ec2.internal/28<span class="gmail-Apple-converted-space">  </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85);min-height:16px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Chain FORWARD (policy ACCEPT)</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">target <span class="gmail-Apple-converted-space">    </span>prot opt source <span class="gmail-Apple-converted-space">              </span>destination<span class="gmail-Apple-converted-space">         </span></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span>policy match dir in pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85);min-height:16px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Chain OUTPUT (policy ACCEPT)</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">target <span class="gmail-Apple-converted-space">    </span>prot opt source <span class="gmail-Apple-converted-space">              </span>destination<span class="gmail-Apple-converted-space">         </span></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span><a href="http://239.1.0.0/23">239.1.0.0/23</a> <span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span><a href="http://224.10.0.0/16">224.10.0.0/16</a><span class="gmail-Apple-converted-space">        </span>policy match dir out pol ipsec reqid 2 proto esp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Monaco;color:rgb(242,242,242);background-color:rgba(0,0,0,0.85)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ACCEPT <span class="gmail-Apple-converted-space">    </span>all<span class="gmail-Apple-converted-space">  </span>--<span class="gmail-Apple-converted-space">  </span>ip-10-77-0-96.ppp.internal/28<span class="gmail-Apple-converted-space">  </span>ip-10-50-10-0.ppp.internal/25<span class="gmail-Apple-converted-space">  </span>policy match dir out pol ipsec reqid 2 proto esp</span></p></div><div class="gmail_signature" data-smartmail="gmail_signature"><br></div><div class="gmail_signature" data-smartmail="gmail_signature">The network admin on the other side mentioned this:</div><div class="gmail_signature" data-smartmail="gmail_signature"><br></div><div class="gmail_signature" data-smartmail="gmail_signature"><div><font face="monospace, monospace">I have enabled PIM Sparse mode on my end of the VPN tunnel. Here is the Certification info:</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">RP 10.50.10.1 groups <a href="http://239.1.1.0/23" target="_blank">239.1.1.0/23</a> ... so on a normal networking device (cisco, arista) you would add the statements:</font></div><div><font face="monospace, monospace">ip pim rp-address 10.50.10.1 <a href="http://224.10.0.0/16" target="_blank">224.10.0.0/16</a><br></font></div><div><font face="monospace, monospace">ip pim rp-address 10.50.10.1 <a href="http://239.1.1.0/23" target="_blank">239.1.1.0/23</a></font></div><div><br></div><div>Is there any way to configure this on Stronswan? Should I kindly ask him to change something on their side in order to make it work?</div></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br><br> <br>Victor Medina<br></div></div></div>