Hello, networking gurus. I’ve got an issue that’s got me super puzzled on Linux. So, I’m setting up two devices on an IPsec VPN connection, a laptop on wifi and a desktop that’s wired. Both identical OSes (Fedora 32), identical VPN applications (StrongSwan). The laptop works like a charm, but the desktop refuses to use the tunnel, reports the same address, does not reach services that have the VPN server whitelisted, even though it reports as connected and indeed - everything sets up.
As far down as I’ve been able to track this, and what got me stumped - both laptop and desktop set their XFRM policies, everything I might expect is there. Here’s the diff of ip xfrm policy from before and after:
policy_diff
0a1,12
> src 10.6.1.22/32 dst 0.0.0.0/0
> dir out priority 383615 ptype main
> tmpl src <redacted lan IP> dst <redacted remote IP>
> proto esp spi 0xc1580a7a reqid 1 mode tunnel
> src 0.0.0.0/0 dst 10.6.1.22/32
> dir fwd priority 383615 ptype main
> tmpl src <redacted remote IP> dst <redacted lan IP>
> proto esp reqid 1 mode tunnel
> src 0.0.0.0/0 dst 10.6.1.22/32
> dir in priority 383615 ptype main
> tmpl src <redacted remote IP> dst <redacted lan IP>
> proto esp reqid 1 mode tunnel
24a37,52
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0 ptype main
> src ::/0 dst ::/0
> socket in priority 0 ptype main
> src ::/0 dst ::/0
> socket out priority 0 ptype main
> src ::/0 dst ::/0
> socket in priority 0 ptype main
> src ::/0 dst ::/0
> socket out priority 0 ptype main
AFAIK this should be a done deal at this point, if the policies are there. I have no idea where to look next. Why is the desktop behaving like this? Any ideas? Differences with network cards etc.?
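As an added diagnostic example (not part of the post above, and not StrongSwan's own tooling): the out policy shown in the diff only has a selector of src 10.6.1.22/32, so a locally generated packet is only encapsulated if the kernel picked 10.6.1.22 as its source address; a packet sent from the desktop's LAN address matches no out policy and leaves in the clear. The script below parses `ip xfrm policy` output and reports which policy a given packet would hit. The sample input is the desktop's policies from the diff with the two redacted addresses replaced by RFC 5737 documentation placeholders (192.0.2.10 for the LAN IP, 198.51.100.1 for the remote IP); the function and variable names are mine.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample input: the policies the post's diff shows on the desktop,
# written as plain `ip xfrm policy` output. Placeholder addresses:
#   192.0.2.10   = the desktop's (redacted) LAN IP
#   198.51.100.1 = the (redacted) remote VPN server IP
SAMPLE_POLICY_OUTPUT = """\
src 10.6.1.22/32 dst 0.0.0.0/0
    dir out priority 383615 ptype main
    tmpl src 192.0.2.10 dst 198.51.100.1
        proto esp spi 0xc1580a7a reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.6.1.22/32
    dir fwd priority 383615 ptype main
    tmpl src 198.51.100.1 dst 192.0.2.10
        proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.6.1.22/32
    dir in priority 383615 ptype main
    tmpl src 198.51.100.1 dst 192.0.2.10
        proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0 ptype main
"""


@dataclass
class Policy:
    src: Network
    dst: Network
    direction: str = ""        # "in", "out" or "fwd"
    priority: int = 0
    socket: bool = False       # per-socket policy, not used for routed traffic
    templates: List[dict] = field(default_factory=list)


def parse_xfrm_policy(text: str) -> List[Policy]:
    """Parse the text form of `ip xfrm policy` into Policy records."""
    policies: List[Policy] = []
    cur: Optional[Policy] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("src "):                      # new policy starts
            m = re.match(r"src (\S+) dst (\S+)", line)
            cur = Policy(ipaddress.ip_network(m.group(1)),
                         ipaddress.ip_network(m.group(2)))
            policies.append(cur)
        elif line.startswith(("dir ", "socket ")):
            m = re.match(r"(dir|socket) (\S+) priority (\d+)", line)
            cur.socket = m.group(1) == "socket"
            cur.direction = m.group(2)
            cur.priority = int(m.group(3))
        elif line.startswith("tmpl "):
            m = re.match(r"tmpl src (\S+) dst (\S+)", line)
            cur.templates.append({"src": m.group(1), "dst": m.group(2)})
        elif line.startswith("proto ") and cur.templates:
            spi = re.search(r"spi (0x[0-9a-fA-F]+)", line)
            cur.templates[-1]["spi"] = spi.group(1) if spi else None
            cur.templates[-1]["mode"] = re.search(r"mode (\S+)", line).group(1)
    return policies


def lookup(policies: List[Policy], direction: str, src: str, dst: str) -> Optional[Policy]:
    """Best-matching non-socket policy for a packet, or None.

    A lower priority number wins, as in the kernel's policy lookup.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = [p for p in policies
               if not p.socket and p.direction == direction
               and p.src.version == s.version and s in p.src and d in p.dst]
    return min(matches, key=lambda p: p.priority) if matches else None


def outbound_fate(policies: List[Policy], src: str, dst: str) -> str:
    """What happens to a locally generated packet src -> dst."""
    p = lookup(policies, "out", src, dst)
    if p is None:
        return "clear"   # no out policy matches: packet is sent unencrypted
    t = p.templates[0]
    return f"esp-{t['mode']} to {t['dst']}"


POLICIES = parse_xfrm_policy(SAMPLE_POLICY_OUTPUT)

if __name__ == "__main__":
    for source in ("10.6.1.22", "192.0.2.10"):
        print(f"{source} -> 8.8.8.8: {outbound_fate(POLICIES, source, '8.8.8.8')}")
```

To apply this on the desktop, feed it the real `ip xfrm policy` output and compare the source address the kernel actually selects, which `ip route get <remote address>` prints after `src`; if that is the LAN address rather than 10.6.1.22, the policy is never consulted even though it is installed. `ip xfrm state` should also list an SA with the spi 0xc1580a7a seen in the diff, since a policy with no matching state cannot carry traffic either.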