Hello all, I've to use a vpngate to connect some remote LANs. The gateway has no physical Adresses in some of these Lans. So there are IP routes needed to reach the target Network.
Normally with Kernel 2.6.x Strongswan doesn not set, and it seems not need, any IP Rules. With ip xfrm policy I see a policy for these Networks. But I cannot reach the Networks. As Reason I found out: On the vpngate runs an iptables Firewall too. Without the Route the Kernel anti spoofing protection drops the Paket. When I disable anti spoofing or add a ip route anything works fine Is there a way to prevent this behavior without manual adding an ip route or disable anti spoofing? TIA Ralf applied international informatics GmbH Sitz der Gesellschaft: Berlin; Registergericht: Berlin-Charlottenburg HRB 77891B Geschaeftsfuehrung: Josef Duermoser, Michael Bihn Wichtiger Hinweis: Diese E-Mail und etwaige Anlagen koennen Betriebs- oder Geschaeftsgeheimnisse oder sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail irrtuemlich erhalten haben, ist Ihnen der Status dieser E-Mail bekannt. Bitte benachrichtigen Sie uns in diesem Fall sofort durch Antwort-Mail und loeschen Sie diese E-Mail nebst etwaigen Anlagen von Ihrem System. Ebenso duerfen Sie diese E-Mail oder ihre Anlagen nicht kopieren oder an Dritte weitergeben. Vielen Dank! Important Note: This e-mail and any attachment are confidential and may contain trade secrets or otherwise protected from disclosure. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this e-mail and any attachment from your system. If you are not the intended recipient please understand that you must not copy this e-mail or any attachment or disclose the contents to any other person. Thank you!
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
