[Openswan Users] "Simple" ? Vpn setup

Nicolas Ross rossnick-lists at cybercat.ca
Tue Nov 23 13:02:00 CET 2004


I hate talking to myself...

But I found it !

It was some damn iptables NAT rules not done properly !!

D'oh !

Nicolas


>I just found out that from a remote host behind remote GW, if I ping
>a local host behind local GW, I get this :
>
> Nov 23 10:54:11 router2 kernel: NET: 4 messages suppressed.
> Nov 23 10:54:11 router2 kernel: klips_error:ipsec_xmit_send: ip_send() failed, err=1
>
> In my remote /var/log/message
>
> It seems I suffer from the "no eroute" problem, as described in the FAQ...
> But all my config/routes seem correct to me...
>
> There is no masquerading involved here...
>
> I am still trying to find the problem...
>
> Nicolas
>
>> Ok, I got all this sorted out...
>>
>> Yesterday, I got the 2 gateways to connect to each other, and I was able to
>> send ping from subnet behind my left gw to the IP of the subnet of the
>> right subnet...
>>
>> Now, late yesterday, the remote gw has been rebooted to add another NIC,
>> the tunnel still goes up, but I cannot ping either way. I cannot see what
>> has changed since yesterday that prevents the ping from going through...
>>
>> With tcpdump, I can see that a packet arrives at the remote GW, from my
>> local GW, but the packet doesn't go out to the rightsubnet...
>>
>> Here's my setup again :
>>
>> 192.168.10.0/24 - 192.168.10.1 a.b.c.d  -- a.b.c.e {internet} --+
>>                                                                |
>> 10.0.1.0/24  ---  10.0.1.1 f.g.h.i  ----  f.g.h.j {internet} --+
>>
>> My ipsec.conf :
>>
>> conn testvpnos
>>        left=a.b.c.d
>>        leftsubnet=192.168.10.0/24
>>        leftnexthop=a.b.c.e
>>        leftid=@testipsec.xx.xx
>>        leftrsasigkey=0s...
>>        right=f.g.h.i
>>        rightsubnet=10.0.1.0/24
>>        rightnexthop=f.g.h.j
>>        rightid=@router2.xx.xx
>>        rightrsasigkey=0s...
>>        auto=add
>>
>> include /etc/ipsec.d/examples/no_oe.conf
>>
>> The tunnel goes up smoothly, but nothing pings either way...
>>
>> Can you tell me what's wrong ?
>>
>> Thanks for any hints !
>>
>> Nicolas
>
> 
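
Added example, not part of the original post and not Openswan code: a Python check over `iptables-save` output for nat POSTROUTING rules that would source-NAT traffic between the two tunnel subnets, which is one common way NAT rules stop a tunnel that is up from passing traffic. The post does not say which rule was at fault, so that failure mode is an assumption; the sample rulesets are constructed, and the subnets are the ones from the ipsec.conf quoted above.

```python
import ipaddress
import re

NAT_TARGETS = {"MASQUERADE", "SNAT", "NETMAP"}
EXEMPT_TARGETS = {"ACCEPT", "RETURN"}

def _parse(line):
    """Pull -s, -d and -j out of one iptables-save rule line."""
    line = re.sub(r"(-[sd]) ! ", r"! \1 ", line)   # old "-d ! net" -> "! -d net"
    tok, rule, negate = line.split(), {"-s": None, "-d": None, "-j": None}, False
    for i, t in enumerate(tok):
        if t == "!":
            negate = True                           # applies to the next option
        elif t in rule and i + 1 < len(tok):
            val = tok[i + 1]
            rule[t] = val if t == "-j" else (ipaddress.ip_network(val, strict=False), negate)
            negate = False
        elif t.startswith("-"):
            negate = False
    return rule

def _matches(matcher, net):
    """Can this -s/-d matcher (None means any) hit an address inside net?"""
    if matcher is None:
        return True
    rule_net, negated = matcher
    return not net.subnet_of(rule_net) if negated else rule_net.overlaps(net)

def audit(ruleset, local_net, remote_net):
    """Return nat POSTROUTING rules that can source-NAT local->remote traffic (-o/-p ignored)."""
    local, remote = ipaddress.ip_network(local_net), ipaddress.ip_network(remote_net)
    findings, table = [], None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        if table != "nat" or not line.startswith("-A POSTROUTING "):
            continue
        rule = _parse(line)
        if _matches(rule["-s"], local) and _matches(rule["-d"], remote):
            if rule["-j"] in EXEMPT_TARGETS:
                break      # assumed to exempt the whole pair; later rules never see it
            if rule["-j"] in NAT_TARGETS:
                findings.append(line)
    return findings

# Constructed iptables-save output for the 10.0.1.0/24 gateway; not from the post.
BROKEN = "*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 10.0.1.0/24 -j MASQUERADE\nCOMMIT"
FIXED = BROKEN.replace("-j MASQUERADE", "! -d 192.168.10.0/24 -j MASQUERADE")
print("broken:", audit(BROKEN, "10.0.1.0/24", "192.168.10.0/24"))
print("fixed: ", audit(FIXED, "10.0.1.0/24", "192.168.10.0/24"))
```

On a gateway, pass it the output of `iptables-save -t nat` with that gateway's own subnet as `local_net`; an empty list means no source-NAT rule overlaps the tunnel's subnet pair.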


