Project

General

Profile

Issue #3012

Strongswan issue with leftsubnet that is different than strongswan subnet

Added by ftv dev 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
configuration
Affected version:
5.7.2
Resolution:
No feedback

Description

I am setting up Strongswan and in my setup I have to tunnel from a subnet that are in a different network than strongswan.

left=2001:0db8:85a3:0000:0000:8a2e:0370:7334
leftid=<a public IP address>
leftsubnet=2111:0db8:85a3::/64
right=<public IP address of remote system>
rightid=<same ip as right>
rightsubnet=<same ip as right/64>

Unfortunately, Strongswan wasn't able to forward packets correctly even though that it is reaching them.

However, when I configure the left subnet to the same subnet strongswan instance belongs to, the association works and strongswan forward the packets without any issue.

example:

left=2001:0db8:85a3:0000:0000:8a2e:0370:7334
leftid=<a public IP address>
leftsubnet=2001:0db8:85a3::/64
right=<public IP address of remote system>
rightid=<same ip as right>
rightsubnet=<same ip as right/64>

I am wondering is this a limitation or I can fix it ?


Related issues

Has duplicate Issue #3011: Strongswan instanceClosed

History

#1 Updated by Noel Kuntze 5 months ago

#2 Updated by Noel Kuntze 5 months ago

  • Category set to configuration
  • Status changed from New to Feedback
  • Assignee set to Noel Kuntze

Hello,

Please follow the instructions on the HelpRequests page. Your problem is caused by a misconfiguration on your system.

Kind regards

Noel

#3 Updated by Tobias Brunner 5 months ago

Also cross-posted on serverfault.com.

#4 Updated by Tobias Brunner 4 months ago

  • Status changed from Feedback to Closed
  • Resolution set to No feedback

Also available in: Atom PDF