[strongSwan] Passthrough Connection

Randy Wyatt rwwyatt01 at gmail.com
Fri Sep 4 19:54:10 CEST 2015


Isn't there a problem that you are adding overlapping routes?  10.1.0.0/16
covers 10.1.13.0/24.  I think you need a MAST stack for this.

On Fri, Sep 4, 2015 at 10:51 AM, Christian Hanster <christian-hanster at gmx.de> wrote:

> Hello Noel,
>
> the arping is working:
> arping -I p5p1 -D 10.1.13.100
> ARPING 10.1.13.100 from 0.0.0.0 p5p1
> Unicast reply from 10.1.13.100 [00:25:4B:CD:F4:64]  0.984ms
> Sent 1 probes (1 broadcast(s))
> Received 1 response(s)
>
> In the meantime I have completely reinstalled the Gateway with a fresh
> Ubuntu 14.04. That did not solve the problem. Then I changed the log level
> of charon and there is something really strange:
>
>  received stroke: add connection 'passthrough'
> Sep  4 19:38:55 pceapu-2 charon: 08[CFG] left nor right host is our side,
> assuming left=local
> Sep  4 19:38:55 pceapu-2 charon: 08[CFG] added configuration 'passthrough'
> Sep  4 19:38:55 pceapu-2 charon: 10[CFG] received stroke: route
> 'passthrough'
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] adding policy 10.1.13.0/24 ===
> 10.1.13.0/24 out  (mark 0/0x00000000)
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] adding policy 10.1.13.0/24 ===
> 10.1.13.0/24 in  (mark 0/0x00000000)
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] adding policy 10.1.13.0/24 ===
> 10.1.13.0/24 fwd  (mark 0/0x00000000)
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] getting a local address in
> traffic selector 10.1.13.0/24
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] using host 10.1.13.1
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] using 192.168.1.1 as nexthop to
> reach %any
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] 10.1.13.1 is on interface p5p1
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] installing route: 10.1.13.0/24
> via 192.168.1.1 src 10.1.13.1 dev p5p1
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] getting iface index for p5p1
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] received netlink error: Network
> is unreachable (101)
> Sep  4 19:38:55 pceapu-2 charon: 10[KNL] unable to install source route
> for 10.1.13.1
>
> For me it seems like a bug that Strongswan wants to add a route with a
> next hop in a passthrough connection. At the moment I’m not completely sure, but
> it seems to produce the error because this route does not make any sense in
> my eyes, as 192.168.1.1 is reachable via the p4p1 interface.
>
> Kind regards
> Christian Hanster
>
> On 04 Sep 2015, at 19:35, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
>
> Sorry, meant ARP, not DPD.
> arping -I eth0 -D <IP>
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
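
An added example, not part of any message in this thread and not strongSwan code: it pairs each "installing route" line in a charon log with a following netlink error on the same thread number, then checks whether the route's next hop lies in a network connected to the route's device. The three log lines are taken from the quoted output; the prefix lengths and the p4p1 address 192.168.1.2/24 are assumptions, since the thread does not state them.

```python
import ipaddress
import re

# Lines from the quoted charon log, with the mail client's wraps rejoined.
SAMPLE_LOG = """\
Sep  4 19:38:55 pceapu-2 charon: 10[KNL] installing route: 10.1.13.0/24 via 192.168.1.1 src 10.1.13.1 dev p5p1
Sep  4 19:38:55 pceapu-2 charon: 10[KNL] getting iface index for p5p1
Sep  4 19:38:55 pceapu-2 charon: 10[KNL] received netlink error: Network is unreachable (101)
"""
# Assumed addressing: prefix lengths and the p4p1 address are not in the thread.
IFACE_NETS = {"p5p1": ["10.1.13.1/24"], "p4p1": ["192.168.1.2/24"]}

ROUTE_RE = re.compile(r"(\d+)\[KNL\] installing route: (\S+) via (\S+) src (\S+) dev (\S+)")
ERROR_RE = re.compile(r"(\d+)\[KNL\] received netlink error: (.+) \((\d+)\)")

def failed_routes(log_text):
    """Pair each 'installing route' line with a netlink error on the same thread."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        m = ROUTE_RE.search(line)
        if m:
            thread, dst, via, src, dev = m.groups()
            pending[thread] = {"dst": dst, "via": via, "src": src, "dev": dev}
        elif (m := ERROR_RE.search(line)) and m.group(1) in pending:
            route = pending.pop(m.group(1))
            route["error"], route["errno"] = m.group(2), int(m.group(3))
            failures.append(route)
    return failures

def onlink_ifaces(gateway, iface_nets):
    """Return the interfaces whose connected networks contain the gateway."""
    gw = ipaddress.ip_address(gateway)
    return sorted(dev for dev, addrs in iface_nets.items()
                  if any(gw in ipaddress.ip_interface(a).network for a in addrs))

def diagnose(log_text, iface_nets):
    """Flag failed routes whose next hop is not on-link on the route's device."""
    report = []
    for r in failed_routes(log_text):
        onlink = onlink_ifaces(r["via"], iface_nets)
        report.append({**r, "gateway_onlink_on": onlink, "mismatch": r["dev"] not in onlink})
    return report

if __name__ == "__main__":
    for entry in diagnose(SAMPLE_LOG, IFACE_NETS):
        print(entry)
```

With the assumed addressing, the single failed route is reported with the next hop on-link only on p4p1 while the route names p5p1.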