[strongSwan] Net-to-Net wrong source IP of VPN server.
Tobias Brunner
tobias at strongswan.org
Mon May 2 14:19:16 CEST 2016
Hi Lukas,
> But when I do ping to host that is obviously running and has firewall
> with any/any allow:
> # ping 192.168.1.54
> PING 192.168.1.54 (192.168.1.54): 56 data bytes
> ^C
> --- 192.168.1.54 ping statistics ---
> 7 packets transmitted, 0 packets received, 100% packet loss
> #
>
> when I run tcpdump on same system I can see:
>
> # tcpdump -i any -n icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
> bytes
> 12:47:09.671920 IP 1.2.3.4 > 192.168.1.54: ICMP echo request, id 8565,
> seq 0, length 64
Any NAT configured on this host (e.g. from 192.168.1.0/24 to 1.2.3.4)?
If so, have a look at [1].
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
More information about the Users
mailing list