Hello, I've had this problem since at least 9.0 but it angered me enough now so I come here asking for help.
I have an IPSec network net to net.
other side 10.11.12.0/24
FreeBSD/strongswan 192.168.1.1/24
on 192.168.1.1 there is one Windows computer and one Linux and some Androids.
If I just fire up the tunnel and don't add any routes on the FreeBSD machine, both Windows and Linux/Android can ping 10.11.12.0/24. But the FreeBSD machine itself can't. So, I add a route like this
route add -net 10.11.12.0/24 192.168.1.1
Fine, now FreeBSD can ping 10.11.12.0/24 just fine. BUT Linux/Android now can't anymore, Windows still works fine though.
If I do a traceroute on Linux to 10.11.12.13 it shows the first gateway being 192.168.1.106 (which is its own IP). If I tcpdump(8) on FreeBSD I see a lot of these, which look fishy...
Code:
15:58:16.553497 ARP, Request who-has 10.11.12.13 tell 192.168.1.106, length 46
15:58:17.556957 ARP, Request who-has 10.11.12.13 tell 192.168.1.106, length 46
15:58:18.560170 ARP, Request who-has 10.11.12.13 tell 192.168.1.106, length 46
15:58:19.563379 ARP, Request who-has 10.11.12.13 tell 192.168.1.106, length 46
Best regards
Martin
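A small diagnostic for the symptom quoted above, added here as an example that is not part of the original post: it scans tcpdump(8) ARP lines and reports hosts that send ARP requests for addresses outside their own LAN prefix, which means the requester's routing table treats that address as directly attached (the trace in the post shows 192.168.1.106 doing exactly this for 10.11.12.13). The sample lines and the `192.168.1.0/24` prefix are constructed from the post.

```python
import re
import ipaddress

# Constructed sample in the shape of the tcpdump(8) output quoted in the post.
SAMPLE = """\
15:58:16.553497 ARP, Request who-has 10.11.12.13 tell 192.168.1.106, length 46
15:58:17.556957 ARP, Request who-has 192.168.1.1 tell 192.168.1.106, length 46
15:58:18.560170 ARP, Request who-has 10.11.12.13 tell 192.168.1.106, length 46
15:58:19.563379 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
"""

# Matches the "who-has <target> tell <requester>" form tcpdump prints for ARP requests.
ARP_REQ = re.compile(r"ARP, Request who-has (\S+) tell (\S+),")


def offsubnet_arp(lines, lan):
    """Return {requester: {off-subnet target: request count}} for ARP requests
    whose target is not inside the LAN prefix `lan` (e.g. '192.168.1.0/24').

    A host only ARPs for an address it believes is on-link, so a hit here means
    that host has a route (static, too-wide prefix, or a learned ICMP redirect)
    claiming the remote address is reachable directly on this segment.
    """
    lan = ipaddress.ip_network(lan)
    hits = {}
    for line in lines:
        m = ARP_REQ.search(line)
        if not m:
            continue  # replies and non-ARP lines are irrelevant here
        target, asker = m.group(1), m.group(2)
        if ipaddress.ip_address(target) in lan:
            continue  # normal ARP for a neighbour on the same segment
        per_host = hits.setdefault(asker, {})
        per_host[target] = per_host.get(target, 0) + 1
    return hits


if __name__ == "__main__":
    for asker, targets in offsubnet_arp(SAMPLE.splitlines(), "192.168.1.0/24").items():
        for target, n in targets.items():
            print(f"{asker} sent {n} ARP request(s) for off-subnet {target}: check its routes")
```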