[strongSwan] Reverse path filter problem

Noel Kuntze noel at familie-kuntze.de
Fri Sep 5 09:19:03 CEST 2014



Hello list,

I use a separate subnet (172.16.21.0/24) for my VPN clients and assign IP addresses to those with mode config.
The default router on my LAN (192.168.178.1) has a route to the VPN client subnet over the VPN server (192.168.178.48).
Sadly, the response packets from my hosts on the LAN (192.168.178.0/24) are dropped because strongSwan installs routes like that on the VPN endpoint (192.168.178.48) in the LAN:
172.16.21.0/24 via 192.168.178.1 dev br0  proto static  src 192.168.178.48

Because of this, the rp filter drops the packets. Is there a way to work around that without disabling the rp filter?

Regards,
Noel Kuntze


-- 
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

