From owner-freebsd-net@FreeBSD.ORG  Fri Dec 12 11:49:10 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 64A7735A
 for <freebsd-net@freebsd.org>; Fri, 12 Dec 2014 11:49:10 +0000 (UTC)
Received: from forward10l.mail.yandex.net (forward10l.mail.yandex.net
 [IPv6:2a02:6b8:0:1819::a])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "forwards.mail.yandex.net",
 Issuer "Certum Level IV CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1ED9EC0C
 for <freebsd-net@freebsd.org>; Fri, 12 Dec 2014 11:49:10 +0000 (UTC)
Received: from smtp11.mail.yandex.net (smtp11.mail.yandex.net [95.108.130.67])
 by forward10l.mail.yandex.net (Yandex) with ESMTP id B3CFDBA0FC9;
 Fri, 12 Dec 2014 14:49:06 +0300 (MSK)
Received: from smtp11.mail.yandex.net (localhost [127.0.0.1])
 by smtp11.mail.yandex.net (Yandex) with ESMTP id EF89E7E15F2;
 Fri, 12 Dec 2014 14:49:05 +0300 (MSK)
Received: from unknown (unknown [2a02:6b8:0:40c:120b:a9ff:fe93:c998])
 by smtp11.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id I2OsbBddSs-n5cKM2H5; 
 Fri, 12 Dec 2014 14:49:05 +0300
 (using TLSv1.2 with cipher AES128-SHA (128/128 bits))
 (Client certificate not present)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1418384945; bh=nKwbMDeOSZAdSjppYd8DRZIRs0W24shvTAJ3GKcPzVw=;
 h=Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:
 References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
 b=QWEwqTFq7o+eoC5OXm5HB8S0+lbfhqBYE+c5tZ+OprawVbiA5OE3Gx04Hh9hdwkpK
 GB8/6b2EwLv4yYgGcdXOwSuZb4d9ESYlowxdL/f8O3mnovztJOsa+fjvUFUex1j0Ip
 sDx61huZ4OXB9cUBlJS67+CmW7hvPnfBPTG3sNiI=
Authentication-Results: smtp11.mail.yandex.net; dkim=pass header.i=@yandex.ru
Message-ID: <548AD623.3070503@yandex.ru>
Date: Fri, 12 Dec 2014 14:48:51 +0300
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: =?windows-1252?Q?G=F6ran_L=F6wkrantz?= <goran.lowkrantz@ismobile.com>, 
 freebsd-net@freebsd.org
Subject: Re: IPSec and StrongSWAN result in wrong forward
References: <0B86BA4B10B152ADEE1E8BEE@[172.16.2.27]>
In-Reply-To: <0B86BA4B10B152ADEE1E8BEE@[172.16.2.27]>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Cc: Martin Palm <martin.palm@indicate.se>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Dec 2014 11:49:10 -0000

On 12.12.2014 14:13, Göran Löwkrantz wrote:
> Host: 10.1-STABLE FreeBSD 10.1-STABLE #0 r275046
> Sw: strongswan-5.2.0_1
> 
> Putting up an ESP tunnel between 192.168.2.0/24 and 192.168.40.8/29 over
> endpoints X and W. The outgoing traffic is passed through a DMZ and
> exists on my side through a firewall with inner address Y and outer
> address U.

Do you use gif(4) to create tunnels?

-- 
WBR, Andrey V. Elsukov