[strongSwan] Kernel drops all client Packages with virtual IP
richard -rw- weinberger
richard.weinberger at gmail.com
Tue Jan 1 13:13:57 CET 2013
Hi!
On my RHEL6 system (strongswan 4.6.4) I'm using the following setup:
http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29
The client can connect to the server and gets a virtual IP assigned.
But the Kernel seems to drop the packets from the client immediately.
server config:
conn ios
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftcert=serverCert.pem
    leftfirewall=yes
    right=%any
    rightsubnet=10.99.0.0/24
    rightsourceip=10.99.0.2
    rightcert=clientCert.pem
    pfs=no
    auto=add
Using tcpdump I can see Packets from 10.99.0.2 but Linux seems to drop
them while routing them.
If I install an iptables LOG rule into the PREROUTING chain, iptables
logs the packet. Later (e.g. in FORWARD) they no longer exist.
Do I need to install any IP out of 10.99.0.0/24 on my server?
Or is there anything else which needs to be done on the Linux side
which is not covered by the above tutorial?
Before I start debugging on kernel level I'd like to verify that I'm
not missing something obvious...
Thanks,
//richard