Michael Camino wrote: > When i run a tracert from 10.0.3.1 to 10.0.2.1 it appears the traffic is > going out my router interface instead over the vpn interface.
First of all there's no such thing as a VPN interface. There used to be one with KLIPS but with Linux 2.6 and the native IPsec stack packets travel over the regular (e.g. eth0) interface. Is the reqid in the firewall config consistent with the one configured in the security policy database (SPD)? Please send the output of the following commands which helps troubleshooting a lot: ip xfrm policy ip xfrm state ip route show table 0 Also, use tcpdump -npi <interface> to do some debugging. Check if ESP packets are traveling across the link -Daniel _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users