<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Add a leftsourceip to the conn. Also do not leave any blank lines in
the conn definition.<br>
<br>
<div class="moz-cite-prefix">On 14/08/2013 05:52, Ben Schmidt wrote:<br>
</div>
<blockquote
cite="mid:CA+Cs8xJCbMiQ-zRsOQkf9PGFaViE=WkpTfajFFiZ3--roP5nEA@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Gertjan,
<div><br>
</div>
<div>ping to a Address in the DST Network that should reply:</div>
<div>
<div>#########<br>
</div>
<div>ipsec01:~# ping 10.41.35.4</div>
<div>PING 10.41.35.4 (10.41.35.4) 56(84) bytes of data.</div>
<div>From yyy.yyy.27.137 icmp_seq=1 Destination Host
Unreachable</div>
<div>From yyy.yyy.27.137 icmp_seq=2 Destination Host
Unreachable</div>
</div>
<div>#########</div>
<div><br>
</div>
<div>tcpdump:</div>
<div>#########</div>
<div>
<div>ipsec01:~# tcpdump -n not port 22</div>
<div>tcpdump: verbose output suppressed, use -v or -vv for
full protocol decode</div>
<div>listening on eth0, link-type EN10MB (Ethernet), capture
size 65535 bytes</div>
<div>06:48:51.743462 IP yyy.yyy.27.141 > <a
moz-do-not-send="true" href="http://10.41.35.4">10.41.35.4</a>:
ICMP echo request, id 4483, seq 1, length 64</div>
<div>06:48:51.744362 IP yyy.yyy.27.137 > yyy.yyy.27.141:
ICMP host 10.41.35.4 unreachable, length 36</div>
<div>06:48:52.744488 IP yyy.yyy.27.141 > <a
moz-do-not-send="true" href="http://10.41.35.4">10.41.35.4</a>:
ICMP echo request, id 4483, seq 2, length 64</div>
<div>06:48:52.745262 IP yyy.yyy.27.137 > yyy.yyy.27.141:
ICMP host 10.41.35.4 unreachable, length 36</div>
</div>
<div>#########</div>
<div>yyy.yyy.27.141 is my public Gateway</div>
<div><br>
</div>
<div>Any Ideas?</div>
<div>
<br>
</div>
<div>Thanks,</div>
<div>Ben</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Aug 13, 2013 at 6:43 PM,
Gertjan Baarda <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:gertjan.baarda@gmail.com" target="_blank">gertjan.baarda@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">What does
the ping output say?
<div class="HOEnZb">
<div class="h5"><span></span><br>
<br>
On Tuesday, August 13, 2013, Ben Schmidt wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
Hallo Mailing List,</div>
<div><br>
</div>
<div>I got VPN up and running from openswan 2.6.37-3
running on debian 7 amd64 connecting to a Juniper
ISG.</div>
<div>My Problem is that I can not get a single ping
over the Tunnel, seems like a routing Issue.</div>
<div><br>
</div>
<div>Here is my config: <a moz-do-not-send="true"
href="http://pastebin.com/QdqtpPsg"
target="_blank">http://pastebin.com/QdqtpPsg</a></div>
<div>Here is the ouput of "ipsec auto --status": <a
moz-do-not-send="true"
href="http://pastebin.com/7i4UJKAu"
target="_blank">http://pastebin.com/7i4UJKAu</a></div>
<div>Here is the output of "ipsec barf" > <a
moz-do-not-send="true"
href="http://pastebin.com/iaMkuGwc"
target="_blank">http://pastebin.com/iaMkuGwc</a></div>
<div><br>
</div>
<div>So it tells me that "ip xfrm policy" is</div>
<div>###########</div>
<div>src <a moz-do-not-send="true"
href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a>
dst <a moz-do-not-send="true"
href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a></div>
<div> dir out priority 2344 ptype main</div>
<div> tmpl src yyy.yyy.27.141 dst
zzz.zzz.2.74</div>
<div> proto esp reqid 16385 mode
tunnel</div>
<div>src <a moz-do-not-send="true"
href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a>
dst <a moz-do-not-send="true"
href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a></div>
<div> dir fwd priority 2344 ptype main</div>
<div> tmpl src zzz.zzz.2.74 dst
yyy.yyy.27.141</div>
<div> proto esp reqid 16385 mode
tunnel</div>
<div>src <a moz-do-not-send="true"
href="http://10.41.35.0/24" target="_blank">10.41.35.0/24</a>
dst <a moz-do-not-send="true"
href="http://192.168.210.0/24" target="_blank">192.168.210.0/24</a></div>
<div> dir in priority 2344 ptype main</div>
<div> tmpl src zzz.zzz.2.74 dst
yyy.yyy.27.141</div>
<div> proto esp reqid 16385 mode
tunnel</div>
<div>###########</div>
<div><br>
</div>
<div>That should do what I want, but it doesn't.</div>
<div><br>
</div>
<div>Could someone please point me in a direction to
look at?</div>
<div><br>
</div>
<div>Thanks a lot,</div>
<div>Ben</div>
<div><br>
</div>
</div>
</blockquote>
<br>
<br>
</div>
</div>
<span class="HOEnZb"><font color="#888888">-- <br>
Sent from Gmail Mobile<br>
</font></span></blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a class="moz-txt-link-freetext" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a class="moz-txt-link-freetext" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
<br>
</body>
</html>