[Openswan Users] Openswan to Openswan VPN tunnel - NEVER MIND

Aaron Smith asmith at nexcerpt.com
Thu Apr 28 17:30:16 CEST 2005

Ummmm...yeah, it would probably help the situation if I wasn't FILTERING
OUT ESP PACKETS with iptables on the gateways....<Homer> DOH! </Homer>.
The times that it DID work must have been due to an odd alignment of the
iptables ESTABLISHED rule.  Anyway, it's working MUCH better now. 

On Thu, 2005-04-28 at 15:09, Aaron Smith wrote:
> 	In other news, I have been able to set up a working ipsec tunnel
> between two openswan servers.  However, one minor annoyance is that when
> the tunnel is first brought up from the remote "client" (using --add),
> the connection is established without error, but pings from clients on
> one subnet to clients on the other subnet (NOT gateway to gateway) time
> out.  BUT, if I try pinging once in one direction and then again in the
> OTHER direction, the tunnel suddenly starts working!  This is kind of
> annoying because the purpose of this VPN tunnel is to allow remote
> access to the local subnet.  But if I have to HAVE access in order to
> GET access...well, that's not very useful is it?  :)  What would cause
> this and, more importantly, how do I fix it?  I suppose I could use a
> script when the tunnel comes up to cause something on the local subnet
> to ping me, but that seems like an awfully dirty hack.
Aaron Smith             		vox: 269.226.9550 ext.26
http://www.nexcerpt.com       		fax: 269.349.9076	
	...Nexcerpt... Extend Your Expertise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20050428/17715e26/attachment-0001.bin

More information about the Users mailing list