[strongSwan] Subnet selector question

Makarand Pradhan MakarandPradhan at is5com.com
Thu Jan 28 18:33:21 CET 2021

GM Everyone,

I am trying to selectively push ICMP traffic into the tunnel. I am missing something and would appreciate any pointers.

(PC1) <---> Router <-Tunnel-> Router <---> (PC2)

Ipsec.conf: I'm permitting only icmp in []

Issue: Ping fails.

Tunnel status:
sh-4.3# ipsec status
Routed Connections:
          m1{1}:  ROUTED, TUNNEL, reqid 1
          m1{1}:[icmp] ===[icmp]
Security Associations (1 up, 0 connecting):
          m1[1]: ESTABLISHED 3 seconds ago,[]...[]
          m1{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c7b29cc2_i ca9ed38c_o
          m1{2}:[icmp] ===[icmp]

I notice that the ARP request is not answered.

When I do not specify icmp, everything works. I think strongSwan responds to the ARP. I don't see it with the icmp filter.

Thanks for looking.

Kind regards,
Makarand Pradhan
Senior Software Engineer.
iS5 Communications Inc.