[strongSwan] StrongSwan w/ multiple local subnets.
tobias at strongswan.org
Mon Jun 22 10:08:52 CEST 2020
> ipsec0 receives the packet from the ping request but nothing comes back:
Is there any particular reason you are using the kernel-libipsec plugin
(see )? You might want to try just using kernel-netlink.
> Jun 19 19:57:07 10[KNL] error installing route with policy 10.3.0.0/24
> === 10.10.0.0/24 out
> Jun 19 19:57:07 10[IKE] unable to install IPsec policies (SPD) in kernel
> Jun 19 19:57:07 10[IKE] failed to establish CHILD_SA, keeping IKE_SA
The kernel-libipsec plugin currently requires an IP address in the local
traffic selector to install a route, otherwise you get that error.
> Of interest, are these messages:
> charon: 10[ESP] no matching outbound IPsec policy for 100.100.100.100 ==
On obvious result from the above errors to install the policies.
More information about the Users