<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Baskerville;
panose-1:2 2 5 2 7 4 1 2 3 3;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Baskerville",serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1944537156;
mso-list-type:hybrid;
mso-list-template-ids:-958390862 346078388 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman \(Body CS\)";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style>
</head>
<body lang="EN-IN" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Hello group,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">I am trying to run some tests in my lab setup with a Cisco cloud service router on one side and running StrongSwan version 5.8.2 on the other side (Ubuntu 20.04LTS).
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">I am using loopback interface on the Cisco side, and a normal interface on the Ubuntu side to simulate LAN networks and there is no NAT involved in-between.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">The connection has come up properly (verified on both sides). However, end-to-end ping connectivity from the LAN to LAN is not going through due to what appears to me to be
a forwarding issue on the Ubuntu side.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">I suspect I am missing something basic here, but I am not able to figure it out. Any pointers are deeply appreciated.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">root@mochalla:~# swanctl -l<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">csr: #2, ESTABLISHED, IKEv2, e3613778f4d39f6d_i ec5d278f976b8165_r*<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">
<span style="background:yellow;mso-highlight:yellow">local '192.168.1.2'</span> @ 192.168.1.2[500]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">
<span style="background:yellow;mso-highlight:yellow">remote '192.168.1.1'</span> @ 192.168.1.1[500]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> AES_CBC-256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> established 581s ago, rekeying in 13147s<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> csr: #3, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-128/HMAC_SHA1_96<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> installed 15s ago, rekeying in 262s, expires in 315s<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> in c33426a5, 0 bytes, 0 packets<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> out a790e4e9, 0 bytes, 0 packets<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">
<span style="background:yellow;mso-highlight:yellow">local 172.16.1.0/24</span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">
<span style="background:yellow;mso-highlight:yellow">remote 172.17.1.0/24</span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">root@mochalla:~# ip add<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><…><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> link/ether 00:50:56:bd:6d:f7 brd ff:ff:ff:ff:ff:ff<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> altname enp11s0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> inet
<span style="background:yellow;mso-highlight:yellow">192.168.1.2</span>/24 brd 192.168.1.255 scope global noprefixroute ens192<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> valid_lft forever preferred_lft forever<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> inet6 fe80::145d:7f77:fb57:e349/64 scope link noprefixroute<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> valid_lft forever preferred_lft forever<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">4: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> link/ether 00:50:56:bd:aa:76 brd ff:ff:ff:ff:ff:ff<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> altname enp19s0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> inet
<span style="background:yellow;mso-highlight:yellow">172.16.1.1</span>/24 brd 172.16.1.255 scope global noprefixroute ens224<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> valid_lft forever preferred_lft forever<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> inet6 fe80::f1b7:4eb:7e:fd89/64 scope link noprefixroute<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> valid_lft forever preferred_lft forever<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">On the Cisco side, I can see that the ping packets are getting encrypted<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Router#sh cry sess de | i pkts<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 4608000/3590<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 4608000/3590<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Router#<span style="background:yellow;mso-highlight:yellow">ping 172.16.1.1 so 172.17.1.1 re 10 ti 1</span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Type escape sequence to abort.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Sending 10, 100-byte ICMP Echos to 172.16.1.1, timeout is 1 seconds:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Packet sent with a source address of 172.17.1.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">..........<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Success rate is 0 percent (0/10)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Router#sh cry sess de | i pkts<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 4608000/3526<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"> Outbound:
<span style="background:yellow;mso-highlight:yellow">#pkts enc'ed 10</span> drop 0 life (KB/Sec) 4607999/3526<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">The ESP packets can be seen reaching the ens192 interface on Ubuntu in tcpdump.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">root@mochalla:~# tcpdump -i ens192<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:29.855345 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x1), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:30.854815 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x2), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:31.854795 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x3), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:32.855670 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x4), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:33.855818 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x5), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:34.856440 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x6), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:35.856364 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x7), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:36.855871 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x8), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:37.856339 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0x9), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:47:38.856668 IP 192.168.1.1 > mochalla: ESP(spi=0xce02423e,seq=0xa), length 148<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Looks like the route is also getting installed in table 220 as expected.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif;background:yellow;mso-highlight:yellow">root@mochalla:~# ip route show table 220<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif;background:yellow;mso-highlight:yellow">172.17.1.0/24 via 192.168.1.1 dev ens192 proto static src 172.16.1.1</span><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">If I try pinging from StrongSwan side to Cisco, I can see the reply ESP packets are reaching the ens192 interface, but not getting forwarded to ens224.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">root@mochalla:~# ping 172.17.1.1 -I ens224 -c10 -W1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">PING 172.17.1.1 (172.17.1.1) from 172.16.1.1 ens224: 56(84) bytes of data.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">root@mochalla:~# tcpdump -i ens192<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:31.317527 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0x9), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:31.317771 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x1d), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:32.325385 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0xa), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:32.325675 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x1e), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:33.349423 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0xb), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:33.349699 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x1f), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:34.373418 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0xc), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:34.373637 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x20), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:35.397405 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0xd), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:35.397704 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x21), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:36.421384 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0xe), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:36.421756 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x22), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:37.445419 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0xf), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:37.445743 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x23), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:38.469436 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0x10), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:38.469731 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x24), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:39.493356 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0x11), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:39.493734 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x25), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:40.517449 IP mochalla > 192.168.1.1: ESP(spi=0x2816000e,seq=0x12), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">18:54:40.517762 IP 192.168.1.1 > mochalla: ESP(spi=0xc9a37c21,seq=0x26), length 132<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">root@mochalla:~# sysctl -p<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">net.ipv4.ip_forward = 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">net.ipv6.conf.all.forwarding = 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">root@mochalla:~# iptables-save<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"># Generated by iptables-save v1.8.4 on Wed Jan 26 18:57:04 2022<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">*filter<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:INPUT ACCEPT [1438:141334]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:FORWARD ACCEPT [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:OUTPUT ACCEPT [1780:162854]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-after-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-after-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-after-logging-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-after-logging-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-after-logging-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-after-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-before-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-before-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-before-logging-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-before-logging-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-before-logging-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-before-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-logging-allow - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-logging-deny - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-not-local - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-reject-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-reject-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-reject-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-skip-to-policy-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-skip-to-policy-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-skip-to-policy-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-track-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-track-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-track-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-user-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-user-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-user-limit - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-user-limit-accept - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-user-logging-forward - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-user-logging-input - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-user-logging-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">:ufw-user-output - [0:0]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">COMMIT<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">I am not sure why the ping packets are not getting forwarded to the ens224 interface. Though the ipv4 forwarding option is set, I observe that the FORWARD chain counter is not
increasing. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif">Am I missing something basic here? Any pointers are deeply appreciated.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif;mso-fareast-language:EN-GB">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Baskerville",serif;mso-fareast-language:EN-GB">Mohit<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>