[strongSwan] Question about source route
Tobias Brunner
tobias at strongswan.org
Wed Aug 21 09:27:01 CEST 2013

Hi,

> On debugging, I noticed that strongSwan on the gateway detects that there
> is a NAT and tries to detect NAT mapping changes via DPD. The pkt that
> it sends out however has a source address of 192.168.1.1, which cannot
> reach the 10.8.14.111 address. It should have used the 192.168.10.8
> address instead.

If that's the case your routing setup might be incorrect. strongSwan
uses the system's routing tables (all but 220) to determine a source
address to reach the peer. If it used 192.168.1.1 it did so for a
reason, that is, there was a route that indicated the possibility to
reach 10.8.14.111 via that address (or it actually received a packet on
that address). You should have a look at the logs when this happens,
which might give you some idea why it changed the address (try
increasing the log level for the KNL log group to 2, see [1]).

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
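
Added example, not part of the message above and not strongSwan code: a Python sketch that lists which routes outside table 220 cover the peer in `ip -4 route show table all` output, most specific first, with the `src` hint each one carries. The route dump is constructed for illustration, the function names are hypothetical, and policy rules (`ip rule`) are not evaluated.

```python
import ipaddress

# Constructed `ip -4 route show table all` output; not the poster's gateway.
SAMPLE = """\
default via 192.168.10.1 dev eth1 table 220 src 192.168.10.8
10.8.14.0/24 via 192.168.1.254 dev eth0 src 192.168.1.1
default via 192.168.10.1 dev eth1 src 192.168.10.8
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.8
local 192.168.1.1 dev eth0 table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src 192.168.1.1
"""

# Route types that never supply a path to a remote peer.
NON_UNICAST = {"local", "broadcast", "multicast", "anycast", "unreachable",
               "blackhole", "prohibit", "throw", "nat"}


def _attr(tokens, key, default=None):
    """Value following `key` on a route line, e.g. the address after `src`."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else default


def candidate_routes(route_dump, peer, skip_tables=("220",)):
    """Routes covering `peer`, most specific first, ignoring skip_tables."""
    peer = ipaddress.ip_address(peer)
    hits = []
    for line in route_dump.splitlines():
        tok = line.split()
        if not tok or tok[0] in NON_UNICAST:
            continue
        if tok[0] == "unicast":
            tok = tok[1:]
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # unexpected line, skip rather than guess
        table = _attr(tok, "table", "main")
        if table in skip_tables or peer not in net:
            continue
        hits.append({"prefix": str(net), "table": table,
                     "dev": _attr(tok, "dev"), "src": _attr(tok, "src")})
    return sorted(hits, key=lambda r: -int(r["prefix"].split("/")[1]))


if __name__ == "__main__":
    for r in candidate_routes(SAMPLE, "10.8.14.111"):
        print(r)
```

In the constructed dump, the 10.8.14.0/24 route with `src 192.168.1.1` outranks the default route, which is the kind of entry to look for when the unexpected source address shows up.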