[strongSwan] routing/firewall

Christian Huldt christian at solvare.se
Mon Dec 9 12:50:25 CET 2013

I believe that should be automatic?
Also, is not that for ikev2?

As we have no problems connecting to hosts on the lan from clients
connected from the outside, I believe that arp should be working?

(Many question marks as everything of course is AFAIK...)

Noel Kuntze skrev 2013-12-09 12:32:
> Hello Christian,
> You need to use the "farp" plugin, if you use the IP from your LAN 
> subnet. Otherwise the router on the LAN won't be able to resolve 
> the IPs to MAC addresses. The "farp" plugin solves this issue by 
> spoofing arp responses.
> Regards Noel Kuntze
> Am 09.12.2013 12:28, schrieb Christian Huldt:
>> I have on (old) openswan gateway with ipsec-psk and l2tp and one
>>  strongswan 5.1.1 with ikev1 with certificates for users to 
>> connect to.
>> I must however be doing something wrong as users connected to 
>> strongswan cannot connect to internet, while users connected to 
>> openswan has no problems at all.
>> Apart from the ipsec implementation most things are equal, 
>> including to firewall rules - in fact, strongswan replace 
>> openswan that worked just like the remaining openswan gateway.
>> tcpdump shows packets going out but not coming in, IPs are 
>> provided by dhcp for strongswan, while openswan has a separate 
>> subnet...
>> What is the best way to debug this?
>> _______________________________________________ Users mailing 
>> list Users at lists.strongswan.org 
>> https://lists.strongswan.org/mailman/listinfo/users

Christian Huldt

More information about the Users mailing list