[strongSwan] farp and ndp proxy not working

Robert Dyck rob.dyck at telus.net
Wed Nov 21 21:00:31 CET 2018

I added a rightsubnet entry at the server and brought up the tunnel. On the RW 
I added an IP on the subnet. I was able to ping the IP address from the 

On Monday, November 19, 2018 3:48:17 PM PST Robert Dyck wrote:
> Since upgrading the strongswan server using the Fedora upgrade method ( 28
> to 29, strongswan now 5.7.1 ) I have no success sending traffic through the
> VPN. Before sending huge amounts of data to the list I am looking for
> suggestions to help me debug this myself.
> The configuration hasn't changed. My rather simple road warrior setup which
> had been working now doesn't. The tunnel comes up without errors. I see the
> ESP keep alive traffic. To me everything looks good such as statusall,
> routing table, iptables and there are no error logs. When I send pings from
> the RW I see the spike in ESP traffic which does not seem to get routed.
> The heart of the issue seems to be farp and ndp proxy. When contacting an IP
> address the system first tries to associate it with an interface using arp
> or address solicitation in the case of ipv6. With Wireshark I see only
> requests but no responses. Farp does appear on the list of of plugins and
> for ipv6 I have a modified _updown that configures ndp proxy. Ndp proxy is
> enabled in sysctl for all and for the specific interface. There is only one
> interface. I checked forwarding in sysctl as well.
> Suggestions? which debug configuration to use?

More information about the Users mailing list