Re: [strongSwan] Routing between two remote sites

2022-01-27 Thread VTwin Farriers
> The iptables rules/nftables rules, specifically NAT rules also apply to > traffic that is supposed to be tunneled because the criteria the NAT rules > usually have do not take into account if there are XFRM policies for the > packets or not. > I had previously added the postrouting rule to

Re: [strongSwan] Routing between two remote sites

2022-01-27 Thread VTwin Farriers
> I'm sorry to say this but that was unnecessary because you can disable the > plugins in the configuration. You do not need to recompile anything. > Well it was a learning experience for me :) I looked in the stock EPEL configuration directories created for strongswan. /etc/strongswan/strongs

Re: [strongSwan] Routing between two remote sites

2022-01-27 Thread VTwin Farriers
Thanks for the reply > Please provide me with the full debug information as shown on the HelpRequests > [1] page on the wiki. I can do this later today when I can go back and spend more time on this, at the moment I have to take care of other priorities. > Additionally, what distribution is th

Re: [strongSwan] Multiple CHILD_SA in one IKE_SA with same TS

2022-01-27 Thread Tobias Brunner
Hi Marcel, I am connecting multiple XFRM interfaces, each being in a different VRF, between two servers running strongSwan 5.9.4. As I am running dynamic routing protocols over those XFRM interfaces, all traffic selectors of the CHILD_SAs have been set to 0.0.0.0/0 & ::/0. Now, the responde

Re: [strongSwan] Having forwarding issue in a basic StrongSwan setup

2022-01-27 Thread Rajiv Kulkarni
Hi On the Strongswan peer-gateway (ubuntu), try by adding the below before (preferably) or after the ipsec tunnel is up *root# ip route add 172.16.1.0/24 dev ens224 table 220* I think it will then start the forwarding of the inbound (after decryption) packets correctly as e