[strongSwan-dev] ClusterIP and Virtualization

Daniel Palomares palomaresdaniel at gmail.com
Mon May 27 18:34:17 CEST 2013

Thanks you very much for your answer Martin. This is exactly what happened.

However, now im facing troubles with the internal interface of the SG1.

The pings now passes through the security gateway, it reaches the server,
but then, when it comes back, it is blocked in the Security Gateway.

I have applied  the command "*echo 2 >
/sys/devices/virtual/net/<br>/brif/<if>/multicast_router*" on those vnet
where needed.

Do you know if Am I missing something? Does IPsec block the ping when it is
going back to the client?

Thanks again!


2013/5/27 Martin Willi <martin at strongswan.org>

> Hi Daniel,
> > when listening to the bridge (br0), we can also see the ICMP packets.
> > Unfortunately, when listening to vnet0 or, we see no ICMP
> > packets.
> Linux bridges do not forward all packets with a multicast MAC addresses
> anymore (see [1]).
> You can change the default behavior by using:
>  echo 2 > /sys/devices/virtual/net/<br>/brif/<if>/multicast_router
> Regards
> Martin
> [1]
> http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#Snooping
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130527/d0f2d369/attachment.html>

More information about the Dev mailing list