OpenBSD: 6.0

Hello,

I have an IPsec VPN set up but I don't understand why my packets are going out
on the wrong interface.

# ipsecctl -sa
FLOWS:
flow esp in from 192.168.8.0/24 to 10.2.89.224/27 peer remote.y.y.y srcid external.ip.x.x/32 dstid remote.y.y.y/32 type use
flow esp out from 10.2.89.224/27 to 192.168.8.0/24 peer remote.y.y.y srcid external.ip.x.x/32 dstid remote.y.y.y/32 type require

SAD:
esp tunnel from remote.y.y.y to external.ip.x.x spi 0x779061a9 auth hmac-sha1 enc aes-256
esp tunnel from external.ip.x.x to remote.y.y.y spi 0xfd952672 auth hmac-sha1 enc aes-256

When I ping 192.168.8.1 it goes out on the OpenBSD external interface and
doesn't get into the tunnel.

# tcpdump -n -i vmx0 icmp

08:23:35.881059 external.ip.x.x > 192.168.8.1: icmp: echo request

# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1


I have another OpenBSD, version 5.8, and everything is working properly. For
example:

# tcpdump -i enc0
tcpdump: listening on enc0, link-type ENC
08:32:25.011263 (authentic,confidential): SPI 0x08927690: 192.168.x.2 > 10.2.1.2: icmp: echo request (encap)
08:32:25.071152 (authentic,confidential): SPI 0xa9b5a687: 10.2.1.2 > 192.168.x.2: icmp: echo reply (encap)

Does anyone have an idea why it behaves like this?

Thank you
