[Openswan Users] "IPsec SA established" but ESP only in one direction
Paul Wouters
paul at xelerance.com
Thu Aug 26 19:31:45 CEST 2004
On Thu, 26 Aug 2004 perr at com.dist.unige.it wrote:
> In this case I see again "IPsec SA established", but ESP packets flow only from
> the NAT'ting router public address to VPN gateway public address, and no packets
> go in the opposite direction!!!!
>
> l2tpd DOES NOT log anything, as if incoming packets were discarded.
>
> Has someone any idea of what's going on?
- First try disabling all firewall rules to ensure that is not the problem.
- Run 'ipsec verify' (ignore the OE warnings).
- Check the settings for rp_filter on all interfaces (esp the ppp ones). They
should all be 0.
Check if there are any log messages from the VPN gateway.
Paul
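
Added example, not part of the original message: a shell function for the rp_filter check suggested above, listing each interface's setting and flagging any that is not 0. The function name `rp_filter_report` and its optional directory argument are assumptions made here, as is the rule that current kernels apply the larger of the `all` and per-interface values.

```shell
#!/bin/sh
# rp_filter_report [CONF_DIR]
# Prints one line per interface: "<iface> <own> <effective> <OK|FILTERED>".
# Returns 0 when every effective value is 0, 1 otherwise.
# CONF_DIR defaults to the live sysctl tree; passing another directory
# lets the check run against a saved copy.
rp_filter_report() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    rc=0
    all=0
    if [ -r "$conf_dir/all/rp_filter" ]; then
        all=$(cat "$conf_dir/all/rp_filter")
    fi
    for f in "$conf_dir"/*/rp_filter; do
        if [ ! -r "$f" ]; then continue; fi
        iface=$(basename "$(dirname "$f")")
        own=$(cat "$f")
        eff=$own
        # Assumption: the kernel uses max(conf/all, conf/<iface>) when it
        # validates the source address on <iface>, so a non-zero "all"
        # overrides a per-interface 0. "all" and "default" are reported as-is.
        if [ "$iface" != all ] && [ "$iface" != default ]; then
            if [ "$all" -gt "$eff" ]; then eff=$all; fi
        fi
        if [ "$eff" -eq 0 ]; then
            verdict=OK
        else
            verdict=FILTERED
            rc=1
        fi
        printf '%s %s %s %s\n' "$iface" "$own" "$eff" "$verdict"
    done
    return $rc
}
# Usage on the gateway, once the ppp interface is up:  rp_filter_report
```

Run it again after the L2TP client connects, since ppp interfaces are created on demand and start with the value from `default`.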