[Openswan Users] "IPsec SA established" but ESP onlt in one direction

perr at com.dist.unige.it perr at com.dist.unige.it
Thu Aug 26 19:13:38 CEST 2004



I configured Openswan on debian linux.
Access is through certificates for L2TP over IPsec.
Clients are W2000/WXP with M$818043 patch applied.

VPN gateway also routes and NAT's an internal network.

Everything is fine with 

VPN gateway
|
INETRNET
|
Public addressed host

I see "IPsec SA established" and i sniff ESP packets in both directions (between
the public IP's of the two hosts).

l2tpd does it's dirty work, and also pppd, and I can see ppp0 interface.

Now the problem.

When I try

VPN gateway
|
INTERNET
|
NAT'ting router
|
Private addressed host (192.168.1.x)

In this case I see again "IPsec SA established", but ESP packets flow only from
the NAT'ting router public address to VPN gateway public address, and no packet
go to the opposite direction!!!!

l2tpd DOES NOT any log, as if incoming packets were discarded.

Has someone any idea of what's going on?

Thank you.

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/



More information about the Users mailing list