On Sun, Jan 18, 2015 at 09:39:27AM +0000, Phil Daws wrote:
> I have tried with 10.1.10.1 on the left and 10.2.10.1 on the right but still
> the same issue. Whatever source IP I use it still achieves the same result.
> As I have a VPN terminating within the gateway if I try and connect to a
> remote node on the 10.2.10.0/24 network I see the traffic arrive on the VPN
> interface:
>
> 09:34:44.716178 IP 172.16.10.2.63788 > 10.2.10.10.22: Flags [S], seq 915452653, win 65535, options [mss 1368,nop,wscale 0,nop,nop,sackOK], length 0
>
> and it is being routed to the correct interface as per the routing table:
>
> 10.2.0.0/16 dev eth0 scope link src 10.1.10.1
>
> but then it hits eth0 without being sent down the tunnel by the looks of it ?
>
> 09:12:31.908884 IP 37.XXX.XXX.XXX.63332 > 10.2.10.10.22: Flags [S], seq 1092218068, win 65535, options [mss 1368,nop,wscale 0,nop,nop,sackOK], length 0
> 09:12:34.918210 IP 37.XXX.XXX.XXX.63332 > 10.2.10.10.22: Flags [S], seq 1092218068, win 65535, options [mss 1368,nop,wscale 0,nop,nop,sackOK], length 0
>
> surely something must be fundamentally wrong with the configuration ? :(

Often it helps to completely get rid of the firewall while testing, in case
you screwed it up. Without seeing the entire firewall config it is hard to say.

-- 
Len Sorensen
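
An added example, not part of the original messages: a small Python check that reads `tcpdump -n` text captured on the outer interface and lists packets addressed to the protected remote subnet that are not ESP, the symptom described in the question. The local subnet, the sample capture lines (documentation addresses) and the function name are assumptions constructed for illustration.

```python
import ipaddress
import re

# REMOTE_NET is the route quoted in the thread. LOCAL_NET is an assumption
# made for this example; set it to the tunnel's real local subnet.
REMOTE_NET = ipaddress.ip_network("10.2.0.0/16")
LOCAL_NET = ipaddress.ip_network("10.1.0.0/16")

# tcpdump -n text: "<time> IP <src>[.<sport>] > <dst>[.<dport>]: <rest>"
PKT = re.compile(r"^(\S+) IP (\d+(?:\.\d+){3})(?:\.(\d+))? > "
                 r"(\d+(?:\.\d+){3})(?:\.(\d+))?: (.*)$")

# Constructed sample capture from the outer interface (not from the thread).
SAMPLE = [
    "09:12:31.908884 IP 203.0.113.7.63332 > 10.2.10.10.22: Flags [S], seq 1, length 0",
    "09:12:32.000100 IP 203.0.113.7 > 198.51.100.9: ESP(spi=0x0a0b0c0d,seq=0x1), length 132",
    "09:12:33.400000 IP 10.1.10.1.40000 > 10.2.10.10.22: Flags [S], seq 2, length 0",
    "09:12:34.000000 IP 203.0.113.7.50000 > 198.51.100.9.443: Flags [S], seq 3, length 0",
]


def find_cleartext_leaks(lines):
    """Return one finding per non-ESP packet addressed to REMOTE_NET."""
    findings = []
    for line in lines:
        m = PKT.match(line.strip())
        if not m:
            continue  # not an IPv4 packet line we understand
        ts, src, _sport, dst, dport, rest = m.groups()
        if rest.startswith("ESP("):
            continue  # encrypted tunnel traffic, expected on this interface
        if ipaddress.ip_address(dst) not in REMOTE_NET:
            continue  # not destined for the protected subnet
        findings.append({
            "time": ts,
            "src": src,
            "dst": dst,
            "dport": int(dport) if dport else None,
            # False means the source, as seen on the wire, is outside the
            # assumed local subnet, so it cannot match that tunnel selector.
            "src_in_local_net": ipaddress.ip_address(src) in LOCAL_NET,
        })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_leaks(SAMPLE):
        print(f)
```

Feed it the output of a capture taken on the outer interface; an empty result means no plaintext packet to the remote subnet was seen in that capture.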
