<div dir="ltr">Hi Gertjan,<div><br></div><div>ping to a Address in the DST Network that should reply:</div><div><div>#########<br></div><div>ipsec01:~# ping 10.41.35.4</div><div>PING 10.41.35.4 (10.41.35.4) 56(84) bytes of data.</div>
<div>From yyy.yyy.27.137 icmp_seq=1 Destination Host Unreachable</div><div>From yyy.yyy.27.137 icmp_seq=2 Destination Host Unreachable</div></div><div>#########</div><div><br></div><div>tcpdump:</div><div>#########</div><div>
<div>ipsec01:~# tcpdump -n not port 22</div><div>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</div><div>listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes</div><div>06:48:51.743462 IP yyy.yyy.27.141 > <a href="http://10.41.35.4">10.41.35.4</a>: ICMP echo request, id 4483, seq 1, length 64</div>
<div>06:48:51.744362 IP yyy.yyy.27.137 > yyy.yyy.27.141: ICMP host 10.41.35.4 unreachable, length 36</div><div>06:48:52.744488 IP yyy.yyy.27.141 > <a href="http://10.41.35.4">10.41.35.4</a>: ICMP echo request, id 4483, seq 2, length 64</div>
<div>06:48:52.745262 IP yyy.yyy.27.137 > yyy.yyy.27.141: ICMP host 10.41.35.4 unreachable, length 36</div></div><div>#########</div><div>yyy.yyy.27.141 is my public Gateway</div><div><br></div><div>Any Ideas?</div><div>
<br></div><div>Thanks,</div><div>Ben</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Aug 13, 2013 at 6:43 PM, Gertjan Baarda <span dir="ltr"><<a href="mailto:gertjan.baarda@gmail.com" target="_blank">gertjan.baarda@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">What does the ping output say?<div class="HOEnZb"><div class="h5"><span></span><br><br>On Tuesday, August 13, 2013, Ben Schmidt wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>
Hallo Mailing List,</div><div><br></div><div>I got VPN up and running from openswan 2.6.37-3 running on debian 7 amd64 connecting to a Juniper ISG.</div><div>My Problem is that I can not get a single ping over the Tunnel, seems like a routing Issue.</div>
<div><br></div><div>Here is my config: <a href="http://pastebin.com/QdqtpPsg" target="_blank">http://pastebin.com/QdqtpPsg</a></div><div>Here is the ouput of "ipsec auto --status": <a href="http://pastebin.com/7i4UJKAu" target="_blank">http://pastebin.com/7i4UJKAu</a></div>
<div>Here is the output of "ipsec barf" > <a href="http://pastebin.com/iaMkuGwc" target="_blank">http://pastebin.com/iaMkuGwc</a></div><div><br></div><div>So it tells me that "ip xfrm policy" is</div>
<div>###########</div>
<div>src <a href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a> dst <a href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a></div><div> dir out priority 2344 ptype main</div><div> tmpl src yyy.yyy.27.141 dst zzz.zzz.2.74</div>
<div> proto esp reqid 16385 mode tunnel</div><div>src <a href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a> dst <a href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a></div><div> dir fwd priority 2344 ptype main</div>
<div> tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141</div><div> proto esp reqid 16385 mode tunnel</div><div>src <a href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a> dst <a href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a></div>
<div> dir in priority 2344 ptype main</div><div> tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141</div><div> proto esp reqid 16385 mode tunnel</div><div>###########</div><div><br></div><div>That should do what I want, but it doesn't.</div>
<div><br></div><div>Could someone please point me in a direction to look at?</div><div><br></div><div>Thanks a lot,</div><div>Ben</div><div><br></div></div>
</blockquote><br><br></div></div><span class="HOEnZb"><font color="#888888">-- <br>Sent from Gmail Mobile<br>
</font></span></blockquote></div><br></div>