<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:12px"><div style="" class="">Hi guys, I have phase 1 and 2 up on both sides. Logs look good, but I cannot ping from either end.</div><div style="" class="">One side is Openswan, the other is a Juniper firewall.</div><div style="" class=""><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;">Traceroute from the Juniper to the internal address shows the first hop failing; traceroute from Openswan shows the traffic going out into the realms of the internet. It would appear Openswan is not routing the traffic correctly. The Juniper has permit any any rules on all interfaces. <br></div><div class="" style="color: rgb(0, 0, 0); font-size:
12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;">Any help would be appreciated!<br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;">conn netconn7<br style="" class=""> authby="secret"<br style="" class=""> left=%defaultroute<br style="" class=""> leftsubnet=192.168.10.0/24<br style="" class=""> leftid=@routerA<br style="" class=""> right=111.69.xx.xx<br style="" class=""> rightsubnet=192.168.1.0/24<br style="" class=""> rightid=@srx<br style="" class=""> pfs=off<br style="" class=""> salifetime=28800s<br style="" class=""> ikelifetime=3600s<br style=""
class=""> auth=esp<br style="" class=""> ike=aes128-sha1;modp768<br style="" class=""> phase2alg=aes128-sha1;modp768<br style="" class=""> dpdaction=restart<br style="" class=""> dpddelay=10<br style="" class=""> dpdtimeout=60<br style="" class=""> aggrmode=yes<br style="" class=""> auto=add</div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;">iptables:</div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;">root:/etc# iptables -L -v -n<br style="" class="">
Chain INPUT (policy ACCEPT 204 packets, 9136 bytes)<br style="" class="">
pkts bytes target prot opt in out source destination<br style="" class="">
 5 145 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
 266 16806 macipport_filter_inbound all -- * * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
 266 16806 macipport_filter all -- * * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
 266 16806 filter all -- * * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
<br style="" class="">
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)<br style="" class="">
pkts bytes target prot opt in out source destination<br style="" class="">
 0 0 macipport_filter_forward all -- * * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
 0 0 ipport_filter_forward all -- * * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
 0 0 macipport_filter all -- * * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
 0 0 filter_forward all -- * * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
<br style="" class="">
Chain OUTPUT (policy ACCEPT 195 packets, 30949 bytes)<br style="" class="">
pkts bytes target prot opt in out source destination<br style="" class="">
 197 31007 macipport_filter_outbound all -- * * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
<br style="" class="">
Chain filter (1 references)<br style="" class="">
pkts bytes target prot opt in out source destination<br style="" class="">
 0 0 ACCEPT icmp -- wwan0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8<br style="" class="">
 0 0 ACCEPT tcp -- wwan0 * 0.0.0.0/0 192.168.10.1 tcp dpt:80<br style="" class="">
 0 0 DROP tcp -- wwan0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80<br style="" class="">
 0 0 ACCEPT tcp -- wwan0 * 0.0.0.0/0 192.168.10.1 tcp dpt:443<br style="" class="">
 0 0 DROP tcp -- wwan0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443<br style="" class="">
 0 0 ACCEPT tcp -- wwan0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23<br style="" class="">
 0 0 ACCEPT tcp -- wwan0 * 0.0.0.0/0 192.168.10.1 tcp dpt:22<br style="" class="">
 0 0 DROP tcp -- wwan0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22<br style="" class="">
 7 1171 ACCEPT udp -- wwan0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:500<br style="" class="">
 0 0 ACCEPT udp -- wwan0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500<br style="" class="">
 0 0 ACCEPT esp -- wwan0 * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
 0 0 ACCEPT ah -- wwan0 * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
 0 0 ACCEPT all -- wwan0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<br style="" class="">
 0 0 DROP all -- wwan0 * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
<br style="" class="">
Chain filter_forward (1 references)<br style="" class="">
pkts bytes target prot opt in out source destination<br style="" class="">
 0 0 ACCEPT all -- wwan0 * 0.0.0.0/0 0.0.0.0/0 mark match 0x1<br style="" class="">
 0 0 ACCEPT all -- wwan0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<br style="" class="">
 0 0 DROP all -- wwan0 * 0.0.0.0/0 0.0.0.0/0<br style="" class="">
<br style="" class="">
Chain ipport_filter_forward (1 references)<br style="" class="">
pkts bytes target prot opt in out source destination<br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class=""
style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;">root:/etc# netstat -rn<br style="" class="">Kernel IP routing table<br style="" class="">Destination Gateway Genmask Flags MSS Window irtt Iface<br style="" class="">0.0.0.0 49.226.157.41 0.0.0.0 UG 0 0 0 wwan0<br style="" class="">49.226.157.40 0.0.0.0 255.255.255.252 U 0 0 0
wwan0<br style="" class="">192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 br0<br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-style: normal;"><br style=""
class=""></div></div></body></html>