[Openswan Users] Can't reach hosts behind my VPN-Gateway

Nate Carlson natecars at natecarlson.com
Fri Apr 16 14:15:08 CEST 2004

On Fri, 16 Apr 2004, Sebastian Albrecht wrote:
> I played a bit with both. The problem is the same when having only
> ipsec1 or when having ipsec0 and ipsec1. I thought the virtual ipsec
> interface is only needed on the wireless side, the gateway decrypts the
> packets and sends them to their destination in the private LAN via eth0.

OK, yeah, you should just need the one IPSec interface, if you just want
to encrypt on the wireless side. You could use ipsec0 instead of ipsec1, 
if you so desired.

> I see packets coming in, but only on eth1, not on eth0, as expected.  
> tcpdump shows "arp who-has" packets coming in on eth1, but not on ipsec1
> nor ipsec0.

So you see encrypted packets coming in on eth1, but no packets being
forwarded out eth0?

| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |

More information about the Users mailing list