Hi,

> On debugging, I noticed that strongSwan on the gateway detects that there
> is a NAT and tries to detect NAT mapping changes via DPD. The pkt that
> it sends out however
> has a source address of 192.168.1.1, which cannot reach the 10.8.14.111
> address. It should have used the 192.168.10.8 address instead.

If that's the case your routing setup might be incorrect. strongSwan uses the system's routing tables (all but 220) to determine a source address to reach the peer. If it used 192.168.1.1 it did so for a reason, that is, there was a route that indicated the possibility to reach 10.8.14.111 via that address (or it actually received a packet on that address).

You should have a look at the logs when this happens, which might give you some idea why it changed the address (try increasing the log level for the KNL log group to 2, see [1]).

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration