[strongSwan] transform policy without SPI?
Michael Schwartzkopff
ms at sys4.de
Tue Aug 16 13:17:59 CEST 2022
Hi,
we have a strange problem. After some time no VPN traffic is possible
any more. In the transform policy we see the connection but without SPIs
in "in" and "fwd" direction. An SPI does only exist for the "out"
direction. How is that possible?
# ip xfrm policy
src x.x.x.x/32 dst 192.2.0.0/24
dir out priority 371327
tmpl src x.x.x.x dst y.y.y.y
proto esp spi 0xed84fb0f reqid 1 mode tunnel
src 192.2.0.0/24 dst x.x.x.x/32
dir fwd priority 371327
tmpl src y.y.y.y dst x.x.x.x
proto esp reqid 1 mode tunnel
src 192.2.0.0/24 dst x.x.x.x/32
dir in priority 371327
tmpl src y.y.y.y dst x.x.x.x
proto esp reqid 1 mode tunnel
Mit freundlichen Grüßen,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the Users
mailing list