<blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote"><pre>On Fri, 16 Mar 2007, Bob Benstro wrote:<br><br>><i> I have two Linux boxes, connected via openswan. The tunnel starts up
<br></i>><i> correctly, routes are visible, and everything seems to be ok.<br></i>><i><br></i>><i> From the remote side, I can easily connect to my extruded subnet without<br></i>><i> issue. For example, I have
192.168.0.0/24 extruded, and I can connect to<br></i>><i> .50, .60, .1 without issue. I can initiate TCP connections, there are no<br></i>><i> problems. ICMP works fine too.<br></i>
><i><br></i>><i> However, when I try to initiate a connection from the local side, I cannot<br></i>><i> connect to the remote side's IP. The route is visible via ip route or route<br></i>><i> command, but the traffic simply leaves the routed interface without
<br></i>><i> encryption.<br></i><br>Most often this is due to the vpn server not being the default gateway, and<br>the local subnet sending the traffic for the vpn to the default gateway,<br>instead of the vpn server.</pre>
</blockquote><div><br>I'm not sure what you mean. It seems weird that you've removed from my quoted material above the text that provides information showing this isn't the case. <br><br>Anyhow, as I mentioned, the traffic is indeed leaving the correctly routed interface as it should be. The only problem is that the traffic leaving that interface is not encrypted. It is, however, leaving the interface it should be leaving, in order to reach the remote box. My local subnet and its default route are not in question, as I am performing all tests on the VPN box itself, so no need to worry there.
<br><br><br></div><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote"><pre>I wouldn't be able to say what's wrong in your case without seeing more of
<br>the network structure.</pre></blockquote>