[strongSwan] Kernel drops all client Packages with virtual IP
Bharath Kumar
cbkumar at gmail.com
Wed Jan 2 01:06:23 CET 2013
What is the log message in, say, /var/log/messages?
Also, please post the output of
ip xfrm policy
ip xfrm state
ipsec statusall
Thanks,
Bharath Kumar
On Tuesday, January 1, 2013, richard -rw- weinberger wrote:
> Hi!
>
> On my RHEL6 system (strongswan 4.6.4) I'm using the following setup:
> http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29
>
> The client can connect to the server and gets a virtual IP assigned.
> But the Kernel seems to drop the packets from the client immediately.
>
> server config:
> conn ios
>     keyexchange=ikev1
>     authby=xauthrsasig
>     xauth=server
>     left=%defaultroute
>     leftsubnet=0.0.0.0/0
>     leftcert=serverCert.pem
>     leftfirewall=yes
>     right=%any
>     rightsubnet=10.99.0.0/24
>     rightsourceip=10.99.0.2
>     rightcert=clientCert.pem
>     pfs=no
>     auto=add
>
> Using tcpdump I can see packets from 10.99.0.2, but Linux seems to drop
> them while routing them.
> If I install an iptables LOG rule into the PREROUTING chain, iptables
> logs the packet. Later (e.g. in FORWARD) they no longer exist.
>
> Do I need to install any IP out of 10.99.0.0/24 on my server?
> Or is there anything else which needs to be done on the Linux side
> which is not covered by the above tutorial?
> Before I start debugging on kernel level I'd like to verify that I'm
> not missing something obvious...
>
> Thanks,
> //richard