[strongSwan] Cannot ping in tunnel

Hoggins! hoggins at radiom.fr
Wed Dec 7 18:00:20 CET 2016


I've flushed all my filter / mangle rules.
The only nat rule left is

    iptables -t nat -A POSTROUTING -o eth0.11 -j MASQUERADE

... eth0.11 being my "oustide" leg because this host acts as a router
for other subnets.

Should I do otherwise ?

Le 07/12/2016 à 17:51, Noel Kuntze a écrit :
> Hello Hoggins,
> Fix your iptables rules. Look at all the tables. Traffic flows through the different tables and chains. There's no special handling of IPsec packets.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161207/244c523c/attachment.sig>

More information about the Users mailing list