[strongSwan] Net-to-Net wrong source IP of VPN server.

Tobias Brunner tobias at strongswan.org
Mon May 2 14:19:16 CEST 2016


Hi Lukas,

> But when I ping a host that is obviously running and has a firewall
> with any/any allow:
> # ping 192.168.1.54
> PING 192.168.1.54 (192.168.1.54): 56 data bytes
> ^C
> --- 192.168.1.54 ping statistics ---
> 7 packets transmitted, 0 packets received, 100% packet loss
> #
> 
> When I run tcpdump on the same system I can see:
> 
> # tcpdump -i any -n icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
> 12:47:09.671920 IP 1.2.3.4 > 192.168.1.54: ICMP echo request, id 8565, seq 0, length 64

Any NAT configured on this host (e.g. from 192.168.1.0/24 to 1.2.3.4)?
If so, have a look at [1].

Regards,
Tobias

[1]
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling


