[strongSwan] Passthrough Connection

Christian Hanster christian-hanster at gmx.de
Fri Sep 4 17:38:47 CEST 2015 

Hi Noel,

unfortunately I cannot stop using overlapping subnets because the idea is to route the whole internet traffic. I only took other subnets to reduce the complexity a little bit. Actually I have now taken the log a little bit under investigation and it seems that the passthrough-connection is not installed right: 
received stroke: add connection 'passthrough'
Sep  4 17:15:26 pceapu-2 charon: 09[CFG] left nor right host is our side, assuming left=local
Sep  4 17:15:26 pceapu-2 charon: 09[CFG] added configuration 'passthrough'
Sep  4 17:15:26 pceapu-2 charon: 10[CFG] received stroke: route 'passthrough'
Sep  4 17:15:26 pceapu-2 charon: 10[KNL] unable to install source route for 10.1.13.1

What I do not understand is, why it is not possible to determine our side because there is only one interface with 10.1.13.0/24. What I now take to consideration is that perhaps strongswan cannot handle this new naming of interfaces. On this router the interfaces are named like p4p1 and p5p1. That I actually do not know. Do you know more? 

OS: Ubuntu 14.04 and strongswan 5.1.2.

Kind regards or viele Grüße :) 
Christian Hanster
> On 03 Sep 2015, at 21:17, Noel Kuntze <noel at familie-kuntze.de> wrote:
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hello Christian,
> 
> Make sure that any NAT rules don't break the tunnel,
> that your routes on any hosts don't route traffic anywhere else
> and stop using overlapping subnets, if you can.
> - -- 
> 
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
> 
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJV6JzlAAoJEDg5KY9j7GZYyKEQAJy0lN588igPKNjFGoKBHmd9
> sMrbjG5YRfP57azZk3xVJfR0el6fr/WgOVo7zdIjK137eVPfpfyHggpgj+WMlyy1
> +P69PoxjK1biZ8c4sJ3tAX7DXcDsr3a/Kge8FW71ETBixQM29XBG7d9s23sIwEss
> rdMCwVDvwH2KiYojOgBTNhYQT07Vfe3y0ZTGJswfuMcW+v3FeqKJoLlVFJRqnV55
> AB7vFtPZ0CW9xx1ATG/tQfQroy4Efx+ykBdvawnF5Iw6eU8yTQGgSv5Oi1LxlBOJ
> 2P7jTRaFrWCSm1WiaYriB2Tz57H47NwekCOVJ+t8IxALvPJn1v4hRzMbRF8aCCak
> gG7RBW5+iueD5RAg2IhF3vHOaaDqrxhs289olIjHiDRfaEzVJYWFMJQBCEV1e+9R
> J4lQCT7rp29kOdPFxTuOU9RpC1yqRKDW/qz8TFXgP6SgEuO3w/Ft264iyYmQrP1Z
> utKlPiDhx0H+JXD5I6zhOxjhkPuFqeTX5xUsN40VQ88pLK0ZujP/9W7hbdb5mWkA
> Uks3O0J2WHU7Wz059R/wXkv2PJS762uG8KwSXcY41rcmvToNH3enjlsApqgWfhBo
> yA1iX4q8X4bylTRTAq8Ozt2HeA5ddV0QpumJ9ssQvS43udJHjOzuZWDrJDyZ2C2o
> rKoU8F0kofHBGlaviS+C
> =onju
> -----END PGP SIGNATURE-----
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150904/12defc0f/attachment.html>

More information about the Users mailing list