<div dir="ltr">Hi Nick,<div><br></div><div>thank you very very much!!!</div><div>Adding the leftsourceip and removing all empty lines in the conn definition did the trick!</div><div><br></div><div>Thanks,</div><div>Ben</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Aug 14, 2013 at 9:43 AM, Nick Howitt <span dir="ltr"><<a href="mailto:n1ck.h0w1tt@gmail.com" target="_blank">n1ck.h0w1tt@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Add a leftsourceip to the conn. Also do not leave any blank lines in
the conn definition.<div><div class="h5"><br>
<br>
<div>On 14/08/2013 05:52, Ben Schmidt wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hi Gertjan,
<div><br>
</div>
<div>ping to a Address in the DST Network that should reply:</div>
<div>
<div>#########<br>
</div>
<div>ipsec01:~# ping 10.41.35.4</div>
<div>PING 10.41.35.4 (10.41.35.4) 56(84) bytes of data.</div>
<div>From yyy.yyy.27.137 icmp_seq=1 Destination Host
Unreachable</div>
<div>From yyy.yyy.27.137 icmp_seq=2 Destination Host
Unreachable</div>
</div>
<div>#########</div>
<div><br>
</div>
<div>tcpdump:</div>
<div>#########</div>
<div>
<div>ipsec01:~# tcpdump -n not port 22</div>
<div>tcpdump: verbose output suppressed, use -v or -vv for
full protocol decode</div>
<div>listening on eth0, link-type EN10MB (Ethernet), capture
size 65535 bytes</div>
<div>06:48:51.743462 IP yyy.yyy.27.141 > <a href="http://10.41.35.4" target="_blank">10.41.35.4</a>:
ICMP echo request, id 4483, seq 1, length 64</div>
<div>06:48:51.744362 IP yyy.yyy.27.137 > yyy.yyy.27.141:
ICMP host 10.41.35.4 unreachable, length 36</div>
<div>06:48:52.744488 IP yyy.yyy.27.141 > <a href="http://10.41.35.4" target="_blank">10.41.35.4</a>:
ICMP echo request, id 4483, seq 2, length 64</div>
<div>06:48:52.745262 IP yyy.yyy.27.137 > yyy.yyy.27.141:
ICMP host 10.41.35.4 unreachable, length 36</div>
</div>
<div>#########</div>
<div>yyy.yyy.27.141 is my public Gateway</div>
<div><br>
</div>
<div>Any Ideas?</div>
<div>
<br>
</div>
<div>Thanks,</div>
<div>Ben</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Aug 13, 2013 at 6:43 PM,
Gertjan Baarda <span dir="ltr"><<a href="mailto:gertjan.baarda@gmail.com" target="_blank">gertjan.baarda@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">What does
the ping output say?
<div>
<div><span></span><br>
<br>
On Tuesday, August 13, 2013, Ben Schmidt wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
Hallo Mailing List,</div>
<div><br>
</div>
<div>I got VPN up and running from openswan 2.6.37-3
running on debian 7 amd64 connecting to a Juniper
ISG.</div>
<div>My Problem is that I can not get a single ping
over the Tunnel, seems like a routing Issue.</div>
<div><br>
</div>
<div>Here is my config: <a href="http://pastebin.com/QdqtpPsg" target="_blank">http://pastebin.com/QdqtpPsg</a></div>
<div>Here is the ouput of "ipsec auto --status": <a href="http://pastebin.com/7i4UJKAu" target="_blank">http://pastebin.com/7i4UJKAu</a></div>
<div>Here is the output of "ipsec barf" > <a href="http://pastebin.com/iaMkuGwc" target="_blank">http://pastebin.com/iaMkuGwc</a></div>
<div><br>
</div>
<div>So it tells me that "ip xfrm policy" is</div>
<div>###########</div>
<div>src <a href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a>
dst <a href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a></div>
<div> dir out priority 2344 ptype main</div>
<div> tmpl src yyy.yyy.27.141 dst
zzz.zzz.2.74</div>
<div> proto esp reqid 16385 mode
tunnel</div>
<div>src <a href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a>
dst <a href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a></div>
<div> dir fwd priority 2344 ptype main</div>
<div> tmpl src zzz.zzz.2.74 dst
yyy.yyy.27.141</div>
<div> proto esp reqid 16385 mode
tunnel</div>
<div>src <a href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a>
dst <a href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a></div>
<div> dir in priority 2344 ptype main</div>
<div> tmpl src zzz.zzz.2.74 dst
yyy.yyy.27.141</div>
<div> proto esp reqid 16385 mode
tunnel</div>
<div>###########</div>
<div><br>
</div>
<div>That should do what I want, but it doesn't.</div>
<div><br>
</div>
<div>Could someone please point me in a direction to
look at?</div>
<div><br>
</div>
<div>Thanks a lot,</div>
<div>Ben</div>
<div><br>
</div>
</div>
</blockquote>
<br>
<br>
</div>
</div>
<span><font color="#888888">-- <br>
Sent from Gmail Mobile<br>
</font></span></blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>