[strongSwan] Restricting protocol and port numbers question
Tobias Brunner
tobias at strongswan.org
Fri Sep 4 10:25:32 CEST 2020
Hi Makarand,
> All the same, the packets are not pushed into the tunnel:
>
> ping 192.168.9.3 -I 10.10.9.4
> PING 192.168.9.3 (192.168.9.3) from 10.10.9.4 : 56(84) bytes of data.
> ping: sendmsg: Network is unreachable
> ping: sendmsg: Network is unreachable
>
> The ip xfrm policy seems to be correct:
> src 192.168.9.0/24 dst 10.10.9.0/24 proto icmp
> dir fwd priority 375167 ptype main
> tmpl src 172.16.31.1 dst 172.16.31.2
> proto esp reqid 1 mode tunnel
>
> Would highly appreciate if anyone can point out the error in my configuration?

No routes are installed in table 220 for policies with port/protocol
restrictions. So make sure you have routes installed that allow you to
reach the remote networks.

Regards,
Tobias
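
An added example, not part of the original message and not strongSwan code: a check over constructed `ip xfrm policy` and `ip route show` output that lists outbound policies with protocol/port selectors whose destination is covered by no route in table 220 or the main table. The sample output, the interface name `eth0`, the 10.10.8.0/24 and 192.168.8.0/24 networks and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output (outbound side of the tunnel).
XFRM_POLICY = """\
src 10.10.9.0/24 dst 192.168.9.0/24 proto icmp
\tdir out priority 375167 ptype main
\ttmpl src 172.16.31.2 dst 172.16.31.1
\t\tproto esp reqid 1 mode tunnel
src 10.10.8.0/24 dst 192.168.8.0/24
\tdir out priority 375423 ptype main
\ttmpl src 172.16.31.2 dst 172.16.31.1
\t\tproto esp reqid 2 mode tunnel
"""
# Constructed `ip route show table 220` and `ip route show table main` output.
ROUTES_220 = "192.168.8.0/24 via 172.16.31.1 dev eth0 proto static src 10.10.8.1\n"
ROUTES_MAIN = "172.16.31.0/24 dev eth0 proto kernel scope link src 172.16.31.2\n"


def restricted_out_policies(text):
    """Return (dst_network, selector) for dir-out policies with proto/port selectors."""
    found = []
    for block in re.split(r"\n(?=src )", text.strip()):
        lines = block.splitlines()
        selector = lines[0]
        is_out = any(re.match(r"\s+dir out\b", line) for line in lines[1:])
        if is_out and re.search(r"\b(proto|sport|dport)\b", selector):
            dst = re.search(r"\bdst (\S+)", selector).group(1)
            found.append((ipaddress.ip_network(dst, strict=False), selector))
    return found


def route_prefixes(text):
    """Parse the destination prefix of each line of `ip route show` output."""
    nets = []
    for line in filter(str.strip, text.splitlines()):
        first = line.split()[0].replace("default", "0.0.0.0/0")
        try:
            nets.append(ipaddress.ip_network(first, strict=False))
        except ValueError:
            continue  # typed routes such as "unreachable ..." are ignored here
    return nets


def unrouted(policy_text, *route_tables):
    """Restricted outbound policies whose destination no listed route covers."""
    routes = [net for table in route_tables for net in route_prefixes(table)]
    return [(str(dst), sel) for dst, sel in restricted_out_policies(policy_text)
            if not any(r.version == dst.version and dst.subnet_of(r) for r in routes)]
```

With the constructed input, `unrouted(XFRM_POLICY, ROUTES_220, ROUTES_MAIN)` reports only the `proto icmp` policy for 192.168.9.0/24, the case where `ping` fails with "Network is unreachable" before any policy lookup happens.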