[Openswan Users] Ping through ipsec/l2tp tunnel(e.g. web.de or ...)

[foren titze]

Hello,

no my routing look ok. which route i must set to get the "world" traffic 
through the tunnel backwards. 

my routing table when connection is established:

80.226.237.35 via 62.96.xxx.129 dev ipsec0
62.96.xxx.130 via 192.168.121.1 dev eth1
192.168.121.251 dev ppp0  proto kernel  scope link  src 192.168.121.91
62.96.xxx.135 via 192.168.121.1 dev eth1
62.96.xxx.141 via 192.168.121.1 dev eth1
62.96.xxx.128/27 dev eth0  proto kernel  scope link  src 62.96.xxx.156
62.96.xxx.128/27 dev ipsec0  proto kernel  scope link  src 62.96.xxx.156
213.xxx.xxx.0/24 via 192.168.121.1 dev eth1
192.168.110.0/24 via 192.168.121.1 dev eth1
192.168.121.0/24 dev eth1  proto kernel  scope link  src 192.168.121.91
default via 62.96.xxx.129 dev eth0

It seems to are a routing problem, because the ping goes out (on vpn-gate) 
through eth0 (extern interface) with the assigned intern ip from l2tp daemon, 
and comes back through the gateway (192.168.121.1) of the inner Net.

BUT when i have establish the tunnel and make a 
"route add default gw 192.168.121.1" (i have now two standard gateways fist 
eth0 and second eth1)
then i can surf and ping the whole world of internet. 

BUT when i try to make a second tunnel from another roadwarrior, the new ipsec 
tunnel would't be constructed. 
when I delete the second default route, the second tunnel can be established!

My only wish is to take the tunnel from windows and work on the maschines in 
my company AND surf and get mail without disconnect. 

can you help me?

Thanks Zoni


Am Montag, 3. Mai 2004 14:21 schrieb Jacco de Leeuw:
> foren titze schreef:
>  > i have sucsessfully set up a windows l2tp vpn-tunnel with ipsec x509 and
>  > can reach all machines in my subnet. But I get no reply from web.de in
>  > the Tunnel back.
>  > So whats wrong?
>
> Possibly your routing, ip_forward or rp_filter...