[strongSwan] Passthrough Connection
Christian Hanster
christian-hanster at gmx.de
Fri Sep 4 17:38:47 CEST 2015
Hi Noel,
unfortunately I cannot stop using overlapping subnets because the idea is to route the whole internet traffic. I only took other subnets to reduce the complexity a little bit. Actually I have now taken the log a little bit under investigation and it seems that the passthrough-connection is not installed right:
received stroke: add connection 'passthrough'
Sep 4 17:15:26 pceapu-2 charon: 09[CFG] left nor right host is our side, assuming left=local
Sep 4 17:15:26 pceapu-2 charon: 09[CFG] added configuration 'passthrough'
Sep 4 17:15:26 pceapu-2 charon: 10[CFG] received stroke: route 'passthrough'
Sep 4 17:15:26 pceapu-2 charon: 10[KNL] unable to install source route for 10.1.13.1
What I do not understand is, why it is not possible to determine our side because there is only one interface with 10.1.13.0/24. What I now take to consideration is that perhaps strongswan cannot handle this new naming of interfaces. On this router the interfaces are named like p4p1 and p5p1. That I actually do not know. Do you know more?
OS: Ubuntu 14.04 and strongswan 5.1.2.
Kind regards or viele Grüße :)
Christian Hanster
> On 03 Sep 2015, at 21:17, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Christian,
>
> Make sure that any NAT rules don't break the tunnel,
> that your routes on any hosts don't route traffic anywhere else
> and stop using overlapping subnets, if you can.
> - --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJV6JzlAAoJEDg5KY9j7GZYyKEQAJy0lN588igPKNjFGoKBHmd9
> sMrbjG5YRfP57azZk3xVJfR0el6fr/WgOVo7zdIjK137eVPfpfyHggpgj+WMlyy1
> +P69PoxjK1biZ8c4sJ3tAX7DXcDsr3a/Kge8FW71ETBixQM29XBG7d9s23sIwEss
> rdMCwVDvwH2KiYojOgBTNhYQT07Vfe3y0ZTGJswfuMcW+v3FeqKJoLlVFJRqnV55
> AB7vFtPZ0CW9xx1ATG/tQfQroy4Efx+ykBdvawnF5Iw6eU8yTQGgSv5Oi1LxlBOJ
> 2P7jTRaFrWCSm1WiaYriB2Tz57H47NwekCOVJ+t8IxALvPJn1v4hRzMbRF8aCCak
> gG7RBW5+iueD5RAg2IhF3vHOaaDqrxhs289olIjHiDRfaEzVJYWFMJQBCEV1e+9R
> J4lQCT7rp29kOdPFxTuOU9RpC1yqRKDW/qz8TFXgP6SgEuO3w/Ft264iyYmQrP1Z
> utKlPiDhx0H+JXD5I6zhOxjhkPuFqeTX5xUsN40VQ88pLK0ZujP/9W7hbdb5mWkA
> Uks3O0J2WHU7Wz059R/wXkv2PJS762uG8KwSXcY41rcmvToNH3enjlsApqgWfhBo
> yA1iX4q8X4bylTRTAq8Ozt2HeA5ddV0QpumJ9ssQvS43udJHjOzuZWDrJDyZ2C2o
> rKoU8F0kofHBGlaviS+C
> =onju
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150904/12defc0f/attachment.html>
More information about the Users
mailing list