route problem in route-based with xfrm interface #279
Replies: 2 comments 4 replies
-
Please use text instead of graphics and provide the output of EDIT: Also, please provide full, not cut off output! And IP addresses are not secrets.
Don't do that. The default policies only work with mark 0x0. It's one way this can go wrong. And please provide the output of |
Beta Was this translation helpful? Give feedback.
-
Thanks Thermi,
Thanks a lot Thermi |
Beta Was this translation helpful? Give feedback.
-
I have a NSX ipsec on the other side and debian with strongswan 5.9.2 and xfrm interface on the other side.
I could ping and ssh to the local interface on Linux server from the local vm of NSX but I can do vice versa from Linux. NSX is behind the NAT.
There is obviously problems with routes but I don't know how to fix it. Please help me out with that.
/etc/swanctl/swanctl.conf
ip route list
ip a (the public interface is not in the list)
tcpdump 0i ipsec0 -n
Ping from linux
swanctl --list-sas
iptables -L
Beta Was this translation helpful? Give feedback.
All reactions