[strongSwan] Passthrough Connection

Noel Kuntze noel at familie-kuntze.de
Fri Sep 4 19:34:33 CEST 2015


Hello Christian,

I doubt that. A passthrough policy tells the XFRM part of the kernel to *not* do any IPsec processing
for the matching packets. That means that it does *not* touch the packets. The *only* thing a passthrough policy
in strongSwan does is install passthrough policies into the SPD.

> I have a VPN-Gateway with a local subnet of 10.1.13.0/24 and IP 10.1.13.1. Then this Gateway should
> connect with another subnet (10.1.0.0/16) via strongswan. The problem now is that clients in the local
> LAN (10.1.13.0/24) should be able to ping the gateway at 10.1.13.1 but that is not working at the moment.
> For me it seems to be the passthrough connection…

Can you reach the other hosts using DPD?
Make sure that your firewall rules don't drop or reject the packets.

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

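An added example, not part of the original message or of strongSwan: a small Python check that parses text in the layout printed by `ip xfrm policy` and reports whether a given packet would be passed through or handed to IPsec, using the subnets from the thread. The sample policy dump, the tunnel endpoints (192.0.2.x) and the priority values are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of `ip xfrm policy` (not from the thread):
# a tunnel policy 10.1.13.0/24 -> 10.1.0.0/16 and a passthrough policy for the
# local LAN. Tunnel endpoints and priority values are made up.
SAMPLE = """\
src 10.1.13.0/24 dst 10.1.0.0/16
\tdir out priority 2883 ptype main
\ttmpl src 192.0.2.1 dst 192.0.2.2
\t\tproto esp reqid 1 mode tunnel
src 10.1.13.0/24 dst 10.1.13.0/24
\tdir out priority 1859 ptype main
"""

HEAD = re.compile(r"^src (\S+) dst (\S+)")      # selector line, unindented
ATTR = re.compile(r"dir (\w+) priority (\d+)")  # indented attribute line

def parse_policies(text):
    """Return one dict per policy. No tmpl line means no IPsec processing."""
    policies = []
    for line in text.splitlines():
        head = HEAD.match(line)
        if head:
            policies.append({
                "src": ipaddress.ip_network(head.group(1), strict=False),
                "dst": ipaddress.ip_network(head.group(2), strict=False),
                "dir": None, "priority": 0, "kind": "passthrough"})
        elif policies:
            attr = ATTR.search(line)
            if attr:
                policies[-1]["dir"] = attr.group(1)
                policies[-1]["priority"] = int(attr.group(2))
            if "action block" in line:            # drop policy
                policies[-1]["kind"] = "block"
            elif line.strip().startswith("tmpl "):  # transform template present
                policies[-1]["kind"] = "ipsec"
    return policies

def decide(policies, src, dst, direction="out"):
    """Among matching policies the lowest priority value wins, as in the kernel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies
            if p["dir"] == direction and s in p["src"] and d in p["dst"]]
    if not hits:
        return "no policy"
    return min(hits, key=lambda p: p["priority"])["kind"]
```

With only the tunnel policy installed, a reply from 10.1.13.1 to a LAN client also matches 10.1.13.0/24 -> 10.1.0.0/16, because the local subnet lies inside the remote one; the passthrough policy takes that traffic out of IPsec processing.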


