[strongSwan] IPSec tunnel for port based TS not working

Martin Willi martin at strongswan.org
Fri Jun 1 12:55:21 CEST 2012


> Once the tunnel is established, SSH packet is getting encrypted and
> is working fine. But if I try to reach the server via any other proto
> like ICMP (ping), I'm not getting the reply on the client side.

What does your configuration look like? Do you use a virtual IP assigned
to the client?

Please be aware that strongSwan installs routes for IPsec tunnels (with
IKEv2 in routing table 220). This route does not respect any port
information, but addresses only, hence you'll end up with a route
covering all traffic to your server. Depending on your setup, this might
prevent non-IPsec traffic from getting routed properly.
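
The mismatch described in the reply can be checked by comparing the kernel's IPsec policy selectors with the routes in table 220. The following is an added example, not part of the original message or of strongSwan: the sample outputs are constructed (documentation addresses, IPv4 only), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output: selector limited to TCP port 22.
XFRM_POLICY = """\
src 192.0.2.10/32 dst 198.51.100.5/32 proto tcp dport 22
\tdir out priority 1795
\ttmpl src 192.0.2.10 dst 198.51.100.5
\t\tproto esp reqid 1 mode tunnel
"""
# Constructed sample of `ip route show table 220` output.
ROUTE_TABLE_220 = "198.51.100.5 via 192.0.2.1 dev eth0 proto static src 192.0.2.10\n"

SELECTOR = re.compile(
    r"^src (?P<src>\S+) dst (?P<dst>\S+)"
    r"(?: proto (?P<proto>\S+))?(?: sport (?P<sport>\d+))?(?: dport (?P<dport>\d+))?")


def parse_policies(text):
    """Return the selectors of outbound policies as dicts."""
    policies, current = [], None
    for line in text.splitlines():
        m = SELECTOR.match(line)
        if m:
            current = m.groupdict()
            current["dst"] = ipaddress.ip_network(current["dst"], strict=False)
        elif current and line.split()[:2] == ["dir", "out"]:
            policies.append(current)
            current = None
    return policies


def parse_routes(text):
    """Return the destination network of every route in the dump."""
    dests = [l.split()[0] for l in text.splitlines() if l.split()]
    return [ipaddress.ip_network("0.0.0.0/0" if d == "default" else d, strict=False)
            for d in dests]


def port_blind_overlaps(policy_text, route_text):
    """List proto/port-restricted selectors whose destination a route fully covers."""
    findings = []
    for p in parse_policies(policy_text):
        if not (p["proto"] or p["sport"] or p["dport"]):
            continue  # selector covers all traffic, so the route matches it
        for r in parse_routes(route_text):
            if r.version == p["dst"].version and p["dst"].subnet_of(r):
                findings.append((str(p["dst"]), p["proto"], p["dport"], str(r)))
    return findings
```

Each finding is a destination where the policy protects only one protocol or port while the route in table 220 applies to every packet sent to that address.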

