[Openswan Users] Stumbling towards functional
Paul Wouters
paul at xelerance.com
Sat Apr 17 03:01:37 CEST 2004
On Fri, 16 Apr 2004, Geoffrey wrote:
> Okay, I'm getting closer to converting my tunnels over to Openswan. The
> problem now appears to be that I have a connection established, but
> there is no routing going on. There is a TXT entry with the key in our
> forward zonefiles for the home users OpenSWAN gateway system. I have
> modified the conf files as follows:
> include no_oe.conf
If you do not use OE, as indicated by using the no_oe.conf include file,
then you don't have to put anything in the dns.
> tun.0@<gateway external IP> tun.0@<ISP dhcp-supplied IP>
> 000 #3: "office" STATE_QUICK_I2 (sent QI2, IPsec SA established);
If you got an IPsec SA, but no traffic, this is often one of two problems:
1) no forwarding enabled on the gateway (check /etc/sysctl.conf)
2) NAT or MASQ rules are rewriting packets after they were crypted. Those
will be dropped by the other end. (exclude NATing packets with destination
behind an ipsec tunnel).
Paul
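
The two checks named in the reply above, as an added example that is not part of the original post: one function reads a sysctl.conf-style file for the forwarding setting, the other walks `iptables-save` output to see whether a SNAT/MASQUERADE rule can still reach packets bound for the remote subnet. The function names, the subnet 192.168.50.0/24 and both rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the two causes named in the reply above.
# The subnet and rule sets below are constructed samples.

# forwarding_enabled [FILE]: succeed if the last net.ipv4.ip_forward
# assignment in a sysctl.conf-style file (default /etc/sysctl.conf) is 1.
forwarding_enabled() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                          # comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val) }
        END { exit (val == "1" ? 0 : 1) }
    ' "${1:-/etc/sysctl.conf}"
}

# nat_exempt SUBNET [FILE]: read iptables-save output (FILE or stdin) and
# succeed unless a nat POSTROUTING SNAT/MASQUERADE rule can be reached by
# packets destined for SUBNET. Assumptions: SUBNET is compared as an exact
# string (no CIDR containment) and negation is written "! -d SUBNET".
nat_exempt() {
    awk -v net="$1" '
        /^\*/ { table = $1 }                            # "*nat", "*filter", ...
        table != "*nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            target = ""; dst = ""; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-d") { dst = $(i + 1); neg = ($(i - 1) == "!") }
            }
            # An ACCEPT/RETURN for the tunnel destination stops traversal first.
            if ((target == "ACCEPT" || target == "RETURN") && dst == net && !neg) exit
            if (target == "MASQUERADE" || target == "SNAT") {
                if (dst == net && neg) next             # rule skips tunnel traffic
                bad = 1; exit
            }
        }
        END { exit (bad ? 1 : 0) }
    ' ${2:+"$2"}
}

# Constructed rule sets: the first NATs everything leaving eth0, the second
# exempts the remote subnet before the MASQUERADE rule.
SAMPLE_NAT_ALL='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
SAMPLE_NAT_EXEMPT='*nat
-A POSTROUTING -d 192.168.50.0/24 -o eth0 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
```

On a live gateway the second check would be fed with `iptables-save | nat_exempt <remote subnet>`; the running forwarding state is also visible in /proc/sys/net/ipv4/ip_forward.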