On 2016-11-08, Mik J <mikyde...@yahoo.fr> wrote:
> Openbsd: 6.0
>
> Hello,
>
> I have an ipsec vpn set up but I don't understand why my packets are going
> out on the wrong interface.
>
> # ipsecctl -sa
> FLOWS:
> flow esp in from 192.168.8.0/24 to 10.2.89.224/27 peer remote.y.y.y srcid
> external.ip.x.x/32 dstid remote.y.y.y/32 type use
> flow esp out from 10.2.89.224/27 to 192.168.8.0/24 peer remote.y.y.y srcid
> external.ip.x.x/32 dstid remote.y.y.y/32 type require
>
> SAD:
> esp tunnel from remote.y.y.y to external.ip.x.x spi 0x779061a9 auth hmac-sha1
> enc aes-256
> esp tunnel from external.ip.x.x to remote.y.y.y spi 0xfd952672 auth hmac-sha1
> enc aes-256
>
> When I ping 192.168.8.1 it's going out on OpenBSD external interface and
> doesn't get into the tunnel.
>
> # tcpdump -n -i vmx0 icmp
>
> 08:23:35.881059 external.ip.x.x > 192.168.8.1: icmp: echo request

The external IP is not covered by the flow. Try ping -I 10.2.89.whatever
192.168.8.1. (OpenBSD only has flow-based IPsec, not route-based.)

> I have another OpenBSD version 5.8 and everything is working properly For
> example

Do you have some extra route on that machine causing it to change the source
address?
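
Added example, not part of the original thread: a small Python check of whether a packet's source and destination fall inside an outbound flow's selectors, which is the condition the reply describes. The sample flow lines are constructed from the quoted output, with 203.0.113.10 and 198.51.100.20 as assumed stand-ins for the redacted external and peer addresses; the function names are hypothetical and only plain CIDR selectors are handled.

```python
import ipaddress
import re

# Constructed sample modelled on the FLOWS section of `ipsecctl -sa` quoted above.
# 203.0.113.10 = stand-in for the gateway's external IP, 198.51.100.20 = peer.
SAMPLE = """\
FLOWS:
flow esp in from 192.168.8.0/24 to 10.2.89.224/27 peer 198.51.100.20 srcid 203.0.113.10/32 dstid 198.51.100.20/32 type use
flow esp out from 10.2.89.224/27 to 192.168.8.0/24 peer 198.51.100.20 srcid 203.0.113.10/32 dstid 198.51.100.20/32 type require
"""

FLOW_RE = re.compile(
    r"^flow\s+\S+\s+(?P<dir>in|out)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+peer\s+(?P<peer>\S+))?"
)

def parse_flows(text):
    """Parse flow lines into dicts; src/dst become ip_network objects."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # headers, SAD entries, blank lines
        flows.append({
            "dir": m["dir"],
            "src": ipaddress.ip_network(m["src"], strict=False),
            "dst": ipaddress.ip_network(m["dst"], strict=False),
            "peer": m["peer"],
        })
    return flows

def matching_out_flow(flows, src_ip, dst_ip):
    """Return an outbound flow whose selectors cover both addresses, else None.

    Simplified model: it only tests selector coverage, not kernel lookup order.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for f in flows:
        if f["dir"] == "out" and src in f["src"] and dst in f["dst"]:
            return f
    return None

if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    # Same destination, two candidate source addresses: external IP vs. inside address.
    for src in ("203.0.113.10", "10.2.89.225"):
        hit = matching_out_flow(flows, src, "192.168.8.1")
        verdict = "matches flow to peer " + hit["peer"] if hit else "no flow matches, not tunnelled"
        print(f"{src} -> 192.168.8.1: {verdict}")
```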