Hi Paul
Double checked this, rp_filter is disabled on all interfaces and ipv4 forwarding is enabled. I use "nftables" on both ends and have double checked the rules to ensure packets from both these sites have bi-directional traffic enabled. In fact, to rule out nftables, I flushed all rules at both ends briefly for a min and tried to reach each other, but there's no change in status.

Thanks, best

BA

On 2023-02-03 20:58, Paul Wouters wrote:

On Fri, 3 Feb 2023, [email protected] wrote:

Also, an observation I could make is, when the machine at Site Office tries to reach the HO VPN server, even though the ping does not happen, I can see the traffic go up incrementally on both sides. However when the HO tries to reach the Site Office, traffic from HO goes out and likewise the In traffic at Site Office also goes up incrementally, but there is no Out traffic from Site Office. Attaching the observation FYI.  Any thoughts...?

In that case, perhaps the traffic is just getting filtered. Try logging
all iptables DROP rules and also ensure rp_filter is truly disabled on
all interfaces. And that forwarding is properly allowed.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
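
The rp_filter and forwarding checks suggested in the thread, as an added example that is not part of the original messages. The kernel applies the higher of `conf/all/rp_filter` and the per-interface value, so an interface that reads 0 can still be filtered. The `ROOT` parameter, the function names and the sample interface names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the sysctls named in the thread. ROOT defaults to
# /proc/sys; the parameter exists so a constructed tree can be checked too.

# Source validation on an interface uses max(conf/all, conf/<iface>).
effective_rp_filter() {   # args: ROOT IFACE
    all=$(cat "$1/net/ipv4/conf/all/rp_filter")
    own=$(cat "$1/net/ipv4/conf/$2/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_routing_sysctls() { # args: [ROOT]
    root=${1:-/proc/sys}
    rc=0
    if [ "$(cat "$root/net/ipv4/ip_forward")" != "1" ]; then
        echo "net.ipv4.ip_forward is not 1"
        rc=1
    fi
    for dir in "$root"/net/ipv4/conf/*/; do
        ifc=$(basename "$dir")
        case $ifc in all|default) continue ;; esac
        eff=$(effective_rp_filter "$root" "$ifc")
        if [ "$eff" != "0" ]; then
            echo "$ifc: effective rp_filter=$eff"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree: every interface reads 0 on its own, while
# conf/all is set to ALL_VALUE (interface names are made up).
make_sample_tree() {      # args: DIR ALL_VALUE
    for ifc in all default eth0 ipsec1; do
        mkdir -p "$1/net/ipv4/conf/$ifc"
        echo 0 > "$1/net/ipv4/conf/$ifc/rp_filter"
    done
    echo "$2" > "$1/net/ipv4/conf/all/rp_filter"
    echo 1 > "$1/net/ipv4/ip_forward"
}
```

Calling `audit_routing_sysctls` with no argument reads the live values under `/proc/sys` on each gateway.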
