<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.<br><div><br></div><div><div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(127, 127, 127, 1.0);"><b>From: </b></span><span style="font-family:'Helvetica';">Nathan Roberts <<a href="mailto:nathan.roberts@gmail.com">nathan.roberts@gmail.com</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(127, 127, 127, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica';"><b>OpenSwan VPN pings but other traffic fails</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(127, 127, 127, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica';">July 12, 2014 at 6:16:13 AM GMT-4<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(127, 127, 127, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica';"><a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br></span></div><br><br><div dir="ltr"><p style="margin: 0px 0px 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-repeat: initial initial;">
I'm setting up a VPN server using OpenSwan, to establish site to site VPN.</p><p style="margin: 0px 0px 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-repeat: initial initial;">
Site A has the OpenSwan server, sitting behind the SOHO router (ports 500 and 4500 forwarded and default route to subnet B all set to the local IPof VPN server).</p><p style="margin: 0px 0px 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-repeat: initial initial;">
Site B has a mobile router which runs racoon, and a DynDns client.</p><p style="margin: 0px 0px 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-repeat: initial initial;">
All PC's at Site A, can ping any PC in site B successfully. All PC's at site B can ping any PC in site A successfully. However PC's in site A cannot access services in site B (SNMP, web admin pages etc). The VPN server in site A can however access these. the VPN server is a fresh Centos install, not yet security hardened. I've very limited IPTables experience, but no rules have been added that should block other traffic. The individual PC's should also not have any firewall issues, as they accessed these services on the VPN used prior to the introduction of the OpenSwan VPN.</p><p style="margin: 0px 0px 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-repeat: initial initial;">
If pings were failing I'd have a clue where the problem was, but where should I look when all pings work, but other traffic only works from the vpn server? I've tried searching but only find results relating to ping failure.</p></div></div></div></body></html>