Hi Paul,
I tried the above step and a few other possibilities too, but there is no
change in the result.

000 #8: "PLSUBNET":4500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EVENT_SA_REKEY in 26251s; newest ISAKMP; idle;
000 #9: "PLSUBNET":4500 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA established); EVENT_SA_REKEY in 26637s; newest IPSEC; eroute owner; isakmp#8; idle;
000 #9: "PLSUBNET" [email protected] [email protected] [email protected] [email protected] Traffic: ESPin=5KB ESPout=0B! ESPmax=0B

I use nftables on the machine and I added the equivalent command, but to no
avail.  Also for an experiment's sake, I disabled the NAT function on that
machine and kept only the filter ruleset, but even that did not change
anything.

Thanks, best regards

Udai

On Fri, 18 Nov 2022 at 21:37, Paul Wouters <[email protected]> wrote:

> On Fri, 18 Nov 2022, Kumar P S Udai wrote:
>
> > One is at the HO establishing connection to three other branch offices,
> > while all three are getting connected, at one branch office the public IP
> > is not configured on the machine directly, but on an external vendor's
> > router.  Initially I had trouble establishing connection to this unit,
> > but after a lot of reading and config change, the connection is getting
> > established now, but I cannot ping or reach each other.  Attaching the
> > config details FYI please.  Would appreciate any help from the community.
>
> > ON MACHINE PLUTO
>
> > 000 #45: "PLSUBNET" [email protected] [email protected] [email protected] [email protected] Traffic: ESPin=1KB ESPout=0B! ESPmax=0B
>
> Note traffic coming in, but no traffic going out.
>
> > ON MACHINE EUROPA
>
> > 000 #6276: "PLUTOSUBNET" [email protected] [email protected] [email protected] [email protected] Traffic: ESPin=0B ESPout=1KB! ESPmax=0B
> > 000
>
> traffic going out, but no traffic coming in.
>
> I suspect that on machine PLUTO, there is a NAT rule that ends up NATing
> the traffic before it gets to be IPsec'ed
>
> On PLUTO try:
>
> iptables -t nat -I POSTROUTING -s 192.168.14.0/24 -d 192.168.1.0/24 -j RETURN
>
> Paul
>
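
An nftables form of the NAT exemption suggested above, as an added example that is not part of the original thread or taken from the poster's ruleset. The table and chain names, the priority value and the interface name eth0 are assumptions; the subnets are the ones from the iptables command in the quoted reply.

```nftables
# Constructed example for machine PLUTO (local 192.168.14.0/24, remote 192.168.1.0/24).
# Table name "nat", chain name "postrouting" and interface "eth0" are assumed.
table ip nat {
    chain postrouting {
        # Priority 100 is the conventional source-NAT priority.
        type nat hook postrouting priority 100; policy accept;

        # Exemption: leave branch-to-HO traffic un-NATed so it still
        # matches the IPsec policy for 192.168.14.0/24 -> 192.168.1.0/24.
        # Rules are evaluated top to bottom, so this must come first.
        ip saddr 192.168.14.0/24 ip daddr 192.168.1.0/24 accept

        # General outbound NAT for everything else. If this rule is the
        # only one in the chain, tunnel-bound packets get their source
        # rewritten before they can be IPsec'ed.
        oifname "eth0" masquerade
    }
}
```

After loading, `nft list chain ip nat postrouting` should show the exemption above the masquerade rule, and the ESPout counter on PLUTO should start rising once traffic is sent.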
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
