[Openswan Users] Openswan to Openswan VPN tunnel - NEVER MIND
Aaron Smith
asmith at nexcerpt.com
Thu Apr 28 17:30:16 CEST 2005
Ummmm...yeah, it would probably help the situation if I wasn't FILTERING
OUT ESP PACKETS with iptables on the gateways....<Homer> DOH! </Homer>.
The times that it DID work must have been due to an odd alignment of the
iptables ESTABLISHED rule. Anyway, it's working MUCH better now.
Yippee!
On Thu, 2005-04-28 at 15:09, Aaron Smith wrote:
> In other news, I have been able to set up a working ipsec tunnel
> between two openswan servers. However, one minor annoyance is that when
> the tunnel is first brought up from the remote "client" (using --add),
> the connection is established without error, but pings from clients on
> one subnet to clients on the other subnet (NOT gateway to gateway) time
> out. BUT, if I try pinging once in one direction and then again in the
> OTHER direction, the tunnel suddenly starts working! This is kind of
> annoying because the purpose of this VPN tunnel is to allow remote
> access to the local subnet. But if I have to HAVE access in order to
> GET access...well, that's not very useful is it? :) What would cause
> this and, more importantly, how do I fix it? I suppose I could use a
> script when the tunnel comes up to cause something on the local subnet
> to ping me, but that seems like an awfully dirty hack.
--
-----------------------------------------------------------------
Aaron Smith vox: 269.226.9550 ext.26
http://www.nexcerpt.com fax: 269.349.9076
...Nexcerpt... Extend Your Expertise
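A check for the misconfiguration described in this message, as an added example that is not part of the original post or of Openswan: it reads an `iptables-save` dump and reports whether the INPUT chain accepts ESP (IP protocol 50) and IKE (UDP port 500) without depending on a conntrack state match. The function names, the sample rule sets and the simplifications (INPUT chain only, source and interface matches other than `-i lo` ignored) are assumptions.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump (stdin) for the rules an IPsec gateway needs.
# State-match rules are skipped on purpose: whether they pass ESP depends on runtime conntrack.
ipsec_fw_check() {
    awk '
    /^:INPUT / { policy = $2 }              # chain policy line, e.g. ":INPUT DROP [0:0]"
    /^-A INPUT / {
        proto = ""; dport = ""; target = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") skip = 1
            if ($i == "-i" && $(i + 1) == "lo")       skip = 1
        }
        if (skip || (target != "ACCEPT" && target != "DROP" && target != "REJECT")) next
        # The first terminating rule that matches each traffic class decides it.
        if (esp == "" && (proto == "" || proto == "esp" || proto == "50"))
            esp = target
        if (ike == "" && (proto == "" || (proto == "udp" && (dport == "" || dport == "500"))))
            ike = target
    }
    END {
        if (esp == "") esp = policy         # no explicit rule: the chain policy applies
        if (ike == "") ike = policy
        printf "esp=%s ike=%s\n", (esp == "ACCEPT" ? "ok" : "blocked"), (ike == "ACCEPT" ? "ok" : "blocked")
    }'
}

# Constructed sample: IKE is allowed, ESP only passes when a state entry happens to exist.
broken_rules() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same rule set with an explicit ESP accept rule added.
fixed_rules() { broken_rules | awk '/^COMMIT$/ { print "-A INPUT -p esp -j ACCEPT" } { print }'; }

echo "broken: $(broken_rules | ipsec_fw_check)"
echo "fixed:  $(fixed_rules | ipsec_fw_check)"
```

On a live gateway the same function can be fed from `iptables-save -t filter`.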