On Fri, 18 Nov 2022, Kumar P S Udai wrote:
One is at the HO establishing connection to three other branch offices, while all three are getting connected, at one branch office the public IP is not configured on the machine directly, but on an external vendor's router. Initially I had trouble establishing connection to this unit, but after a lot of reading and config change, the connection is getting established now, but I cannot ping or reach each other. Attaching the config details FYI please. Would appreciate any help from the community.
ON MACHINE PLUTO
000 #45: "PLSUBNET" [email protected] [email protected] [email protected] [email protected] Traffic: ESPin=1KB ESPout=0B! ESPmax=0B
Note traffic coming in, but no traffic going out.
ON MACHINE EUROPA
000 #6276: "PLUTOSUBNET" [email protected] [email protected] [email protected] [email protected] Traffic: ESPin=0B ESPout=1KB! ESPmax=0B 000
traffic going out, but no traffic coming in.

I suspect that on machine PLUTO, there is a NAT rule that ends up NATing the traffic before it gets to be IPsec'ed.

On PLUTO try:

iptables -I POSTROUTING -t nat -s 192.168.14.0/24 -d 192.168.1.0/24 -j RETURN

Paul
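The rule-order problem suspected in the reply above can be checked from a saved ruleset. This is an added example, not part of the original message or of libreswan; the function and sample names are hypothetical, and the sample rulesets (including the `eth0` interface) are constructed, with only the two subnets taken from the thread.

```shell
#!/bin/sh
# nat_exemption_status SRC DST: reads `iptables-save -t nat` output on stdin.
# Prints "exempt" if a RETURN/ACCEPT rule covering SRC -> DST is reached first
# in POSTROUTING, "natted" if a MASQUERADE/SNAT rule covering it is reached
# first, and "clean" if neither exists.
# Simplifications: CIDRs are compared as strings; interface matches, negated
# matches ("!") and user-defined chains are ignored.
nat_exemption_status() {
    awk -v src="$1" -v dst="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            target = s = d = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-s") s = $(i + 1)
                if ($i == "-d") d = $(i + 1)
            }
            covers = (s == "" || s == src) && (d == "" || d == dst)
            if (covers && (target == "RETURN" || target == "ACCEPT")) {
                print "exempt"; done = 1; exit
            }
            if (covers && (target == "MASQUERADE" || target == "SNAT")) {
                print "natted"; done = 1; exit
            }
        }
        END { if (!done) print "clean" }
    '
}

# Constructed sample: masquerade rule is evaluated before the exemption.
sample_masq_first() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.14.0/24 -d 192.168.1.0/24 -j RETURN
COMMIT
EOF
}

# Constructed sample: exemption inserted at the top, as `iptables -I` does.
sample_exempt_first() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.14.0/24 -d 192.168.1.0/24 -j RETURN
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}
```

On a live gateway the same check is `iptables-save -t nat | nat_exemption_status 192.168.14.0/24 192.168.1.0/24`; a result of "natted" means the tunnel traffic is rewritten before the IPsec policy can match it.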
