[Openswan Users] please help , net-to-net , vpn established !!!
Ferdinand O. Tempel
pw at linuxops.net
Sun Nov 28 13:42:39 CET 2004
On Sun, 2004-11-28 at 20:30 +0800, ww wrote:
> Hi, everyone,
>
>
>
> Please tell me what’s wrong with my VPN gateway.
>
> I post a picture of my home net and my office net here
> http://www.infotimes.com.cn/myvpn.htm
>
>
>
> I built a VPN between home and office. The VPN link seems established,
> but I cannot ping from my home PC (not the gateway) to my office PC
> (not the office gateway).
>
>
>
> I post my ipsec.conf and firewall script here,
> http://www.infotimes.com.cn/myvpn.htm
>
>
>
> I have spent 2 weeks trying to solve it already. PLEASE TELL ME what’s
> wrong with my VPN?
From your office firewall script:
iptables -P FORWARD DROP
iptables -A FORWARD -s $LAN -j ACCEPT
iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
Your ping requests seem to get stuck in your DROP policy of the FORWARD
chain as $LAN definitely doesn't contain the IP range of your home
subnet (192.168.1.0/24).
iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT
--
Regards,
Ferdinand O. Tempel
Your friendly neighborhood linuxops.net administrator.
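
Added example (not part of the original message or of the poster's firewall script): a small Python model of first-match evaluation over the FORWARD rules quoted above, showing why a new ping from the home subnet falls through to the DROP policy and that the inserted rule changes the verdict only for 192.168.1.0/24. The value used for $LAN, the interface on the sample packets and the packets themselves are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Rule:
    target: str
    src: Optional[str] = None      # -s <network>
    in_if: Optional[str] = None    # -i <interface>
    states: Tuple[str, ...] = ()   # -m state --state <list>

    def matches(self, pkt: dict) -> bool:
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.in_if and pkt["in_if"] != self.in_if:
            return False
        return not self.states or pkt["state"] in self.states

def verdict(chain, policy, pkt):
    """First matching rule decides; if none matches, the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

LAN = "10.0.0.0/24"   # ASSUMED placeholder for $LAN (the office subnet is not on the page)
POLICY = "DROP"       # iptables -P FORWARD DROP

def office_chain():
    return [
        Rule("ACCEPT", src=LAN),                                          # -A FORWARD -s $LAN
        Rule("ACCEPT", in_if="eth1", states=("ESTABLISHED", "RELATED")),  # -A FORWARD -i eth1 ...
    ]

def with_fix(chain):
    # iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT  (-I inserts at the head of the chain)
    return [Rule("ACCEPT", src="192.168.1.0/24")] + chain

# Constructed sample packets (addresses and interface are illustrative).
HOME_PING = {"src": "192.168.1.10", "in_if": "eth1", "state": "NEW"}
OTHER_NEW = {"src": "203.0.113.5", "in_if": "eth1", "state": "NEW"}

if __name__ == "__main__":
    for name, chain in (("before", office_chain()), ("after", with_fix(office_chain()))):
        print(name, "home ping:", verdict(chain, POLICY, HOME_PING),
              "| other source:", verdict(chain, POLICY, OTHER_NEW))
```

The home ping is dropped before the insert whichever interface it arrives on, because a NEW packet never matches the ESTABLISHED,RELATED rule and its source is outside $LAN.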