On Mon, 17 Apr 2017 19:04:54 +0200
Antonio Silva <[email protected]> wrote:
> ok, so there is something I'm doing badly...
>
> after pinging the IP assigned to the client I print the ARP entries and
> for the IP address in question there is no ARP entry, and it is supposed
> to be with the MAC address of the server...
>
> # ping 192.168.10.206
> PING 192.168.10.206 (192.168.10.206) 56(84) bytes of data.
> 64 bytes from 192.168.10.206: icmp_seq=1 ttl=64 time=509 ms
> 64 bytes from 192.168.10.206: icmp_seq=2 ttl=64 time=72.0 ms
>
>
> # arp | grep 192.168.10.206

Proxy ARP doesn't work for pure IPsec. You need to add forced routing
to clients because proxy ARP only works if there is a host route to the client.

    leftupdown="ipsec _updown.netkey --route yes"

Or use leftsourceip=<gateway-lan-ip>.

--
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
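
A check for the two conditions named in the reply above (a host route to the client, then a proxy neighbour entry), as an added example that is not part of the original thread. The function names are hypothetical, and the interface name eth0 and the sample route and neighbour text are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: inputs are the text of `ip -4 route show` and
# `ip -4 neigh show proxy`, passed as strings so the logic runs offline.

# Return 0 if the route table text has a host route (bare IP or IP/32) to $1.
has_host_route() {
    local ip="$1" routes="$2"
    printf '%s\n' "$routes" | awk -v ip="$ip" '
        $1 == ip || $1 == (ip "/32") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Return 0 if the proxy neighbour text lists $1.
has_proxy_entry() {
    local ip="$1" neigh="$2"
    printf '%s\n' "$neigh" | awk -v ip="$ip" '
        $1 == ip && /proxy/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print a one-word verdict for the client address.
diagnose() {
    local ip="$1" routes="$2" neigh="$3"
    if ! has_host_route "$ip" "$routes"; then
        echo "no-host-route"      # only the connected /24 covers the client
    elif ! has_proxy_entry "$ip" "$neigh"; then
        echo "no-proxy-entry"     # route exists, but nothing answers ARP for it
    else
        echo "ok"
    fi
}

# Constructed sample data (not from the thread); eth0 is an assumed LAN interface.
SAMPLE_ROUTES_BEFORE='default via 192.168.10.1 dev eth0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.5'
SAMPLE_ROUTES_AFTER="$SAMPLE_ROUTES_BEFORE
192.168.10.206 dev eth0 scope link"
SAMPLE_NEIGH='192.168.10.206 dev eth0  proxy'

# Live use on the gateway (uncomment):
# diagnose 192.168.10.206 "$(ip -4 route show)" "$(ip -4 neigh show proxy)"
```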