[strongSwan] Wrong traffic selecting on local side.
jaehong.park at illumio.com
Mon Aug 7 17:45:58 CEST 2017
That makes a lot of sense.
Here is another question.
If I split these into
Server side ( IP address is 10.6.3.187)
Client side (IP address is 10.6.3.188)
And if I do UDP iperf3 testing on port 4001, from client to server,
somehow all the SAs are up and TCP control packets flow, but not the UDP data traffic.
Is there a known issue with this configuration with certain kernels that you are aware of?
I am using CentOS 6.6
On Aug 7, 2017, at 2:26 AM, Tobias Brunner <tobias at strongswan.org> wrote:
This is the charon.log with debug level 2, when the problem happens.
At the end of selecting ts for us, it picks tcp_udp_4001 instead of
Is this a bug?
Not really. The tcp_udp_4001 connection allows any protocol, so when
the peer proposes ICMP that's perfectly acceptable. The port 4001 is
interpreted as ICMP type and code in the upper and lower bytes, i.e. 15
and 161, respectively. And this type of narrowing is perfectly fine.
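The narrowing described in the quoted reply, as an added example that is not part of the original thread and not strongSwan's code. It assumes the IKEv2 traffic selector encoding from RFC 7296 section 3.13.1 (ICMP type in the upper byte of the port field, code in the lower byte); `struct ts` and `ts_narrow` are hypothetical names, and the peer's ICMP selector covering the full range is a constructed input.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified traffic selector: IP protocol (0 = any) plus a port range.
 * Hypothetical type for illustration, not strongSwan's traffic_selector_t. */
struct ts { uint8_t proto; uint16_t from_port, to_port; };

/* For ICMP the 16-bit port field carries type (high byte) and code (low byte). */
static uint8_t icmp_type(uint16_t port) { return (uint8_t)(port >> 8); }
static uint8_t icmp_code(uint16_t port) { return (uint8_t)(port & 0xff); }

/* Intersect the local selector with the peer's proposal.
 * Returns 1 and fills *out when the intersection is non-empty, else 0. */
static int ts_narrow(struct ts local, struct ts proposed, struct ts *out)
{
    /* Two specific but different protocols never match. */
    if (local.proto && proposed.proto && local.proto != proposed.proto)
        return 0;
    /* "any" on one side yields the other side's protocol. */
    out->proto = local.proto ? local.proto : proposed.proto;
    out->from_port = local.from_port > proposed.from_port
                   ? local.from_port : proposed.from_port;
    out->to_port = local.to_port < proposed.to_port
                 ? local.to_port : proposed.to_port;
    return out->from_port <= out->to_port;
}

int main(void)
{
    struct ts proposed  = { 1, 0, 65535 };   /* constructed: peer proposes ICMP, all types/codes */
    struct ts any_4001  = { 0, 4001, 4001 }; /* any protocol, port 4001 (like tcp_udp_4001) */
    struct ts udp_4001  = { 17, 4001, 4001 };/* same port, protocol pinned to UDP */
    struct ts n;

    if (ts_narrow(any_4001, proposed, &n))
        printf("any/4001 accepts ICMP: proto=%u type=%u code=%u\n",
               n.proto, icmp_type(n.from_port), icmp_code(n.from_port));
    if (!ts_narrow(udp_4001, proposed, &n))
        printf("udp/4001 rejects the ICMP proposal\n");
    return 0;
}
```

A selector that pins the protocol does not match the ICMP proposal, which is the difference between the two local selectors shown here.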