[strongSwan] farp and ndp proxy not working
rob.dyck at telus.net
Tue Nov 20 00:48:17 CET 2018
Since upgrading the strongSwan server using the Fedora upgrade method (28 to
29, strongSwan now 5.7.1), I have had no success sending traffic through the VPN.
Before sending huge amounts of data to the list I am looking for suggestions
to help me debug this myself.
The configuration hasn't changed. My rather simple road warrior setup which
had been working now doesn't. The tunnel comes up without errors. I see the
ESP keep alive traffic. To me everything looks good such as statusall, routing
table, iptables and there are no error logs. When I send pings from the RW I
see the spike in ESP traffic which does not seem to get routed.
The heart of the issue seems to be farp and ndp proxy. When contacting an IP
address the system first tries to associate it with an interface using arp or
address solicitation in the case of IPv6. With Wireshark I see only requests
but no responses. Farp does appear on the list of plugins and for IPv6 I
have a modified _updown that configures ndp proxy. Ndp proxy is enabled in
sysctl for all and for the specific interface. There is only one interface. I
checked forwarding in sysctl as well.
Suggestions? Which debug configuration to use?
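
The IPv6 prerequisites listed in the message above (forwarding, `proxy_ndp` for all or for the interface) can be checked together with the per-address proxy neighbour entry that an `_updown` script has to install. This is an added example, not part of the original post or of strongSwan; the function names, the interface `eth0` and the address `2001:db8::10` are constructed assumptions, and the farp (IPv4) side is not covered.

```shell
#!/bin/sh
# Constructed sample data (not from the post): `sysctl -a` style lines and
# `ip -6 neigh show proxy` style lines for a gateway with one interface.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv6.conf.eth0.proxy_ndp = 1'
SAMPLE_PROXY='2001:db8::10 dev eth0  proxy'

# sysctl_val KEY: print the value of KEY from sysctl-style text on stdin.
sysctl_val() {
    awk -F' *= *' -v k="$1" '$1 == k { print $2; exit }'
}

# check_proxy IFACE VIP SYSCTL_TEXT PROXY_TEXT
# Prints "ok", or "missing:" followed by each prerequisite that is absent.
check_proxy() {
    iface=$1 vip=$2 sysctls=$3 proxies=$4 missing=""
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        [ "$(printf '%s\n' "$sysctls" | sysctl_val "$key")" = 1 ] \
            || missing="$missing $key"
    done
    # Assumption of this example: proxy_ndp set on "all" or on the
    # interface is enough to enable proxying on that interface.
    all=$(printf '%s\n' "$sysctls" | sysctl_val net.ipv6.conf.all.proxy_ndp)
    dev=$(printf '%s\n' "$sysctls" | sysctl_val "net.ipv6.conf.$iface.proxy_ndp")
    [ "$all" = 1 ] || [ "$dev" = 1 ] || missing="$missing proxy_ndp"
    # The sysctl only enables the feature: each virtual IP still needs its
    # own proxy neighbour entry, or solicitations for it go unanswered.
    printf '%s\n' "$proxies" | awk -v a="$vip" -v d="$iface" \
        '$1 == a && $2 == "dev" && $3 == d && $NF == "proxy" { f = 1 }
         END { exit !f }' || missing="$missing neigh-proxy:$vip"
    if [ -z "$missing" ]; then echo ok; else echo "missing:$missing"; fi
}

# Run against the constructed sample.
check_proxy eth0 2001:db8::10 "$SAMPLE_SYSCTL" "$SAMPLE_PROXY"
```

On a live gateway, pass `"$(sysctl -a 2>/dev/null)"` and `"$(ip -6 neigh show proxy)"` as the last two arguments, with the client's assigned virtual IP as the second.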