[Openswan Users] net-to-net cannot ping

Paul Wouters paul at xelerance.com
Wed Aug 31 16:15:40 CEST 2005


On Wed, 31 Aug 2005, rp wrote:

> 192.168.249.0/24===1.2.3.4[@gw]---208.57.234.1...208.57.234.1---5.6.7.8[@gw2]===192.168.248.0/24
>
> conn net-to-net
>    left=1.2.3.4
>    leftsubnet=192.168.249.0/24
>    leftid=@gw
>    leftrsasigkey=0sAQOOC3WHMwGDaNt6HzIL7Bk+VDY7KxcgyU/0/0sJyEsWPpoatGQ4a8msKKy
>    leftnexthop=%defaultroute
>    right=5.6.8.7
>    rightsubnet=192.168.248.0/24
>    rightid=@gw2
>    rightrsasigkey=0sAQNyrnIlNBK1xAb66Bzwxymn+9kUmSkIQ+QWhVVcXBTJEdB5rqKLMZ+JmP
>    rightnexthop=%defaultroute
>    auto=start

> Aug 30 18:11:40 gw pluto[2771]: "net-to-net" #2: sent QI2, IPsec SA established {ESP=>0x984ffa19 <0x0e088b65}


> so it seems everything is fine. on 1.2.3.4 i have an iptables firewall, but
> hopefully all needed connections are accepted:

[firewall rules looked ok]

> however i just cannot ping any of the gateways. nothing can be pinged neither the
> gw's nor the hosts behind them.
>
> does anyone have a clue what can be wrong?

What does 'ipsec verify' say?

It could be a problem with ip_forwarding, rp_filter or that you are testing
pinging the external ip of the gateway or you are pinging from the gateway.

Paul
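
The two kernel settings named in the reply above can be checked directly on each gateway. This is an added example, not part of the original message and not Openswan's own `ipsec verify` code. The function name and its optional directory argument are hypothetical, and treating every non-zero rp_filter entry as a finding is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: report ip_forward and rp_filter values that can stop a
# net-to-net tunnel from passing traffic even though the SA is established.
# The optional argument (default /proc/sys/net/ipv4) is a hypothetical
# override so the check can also run against a copied sysctl tree.

check_gateway_sysctls() {
    root="${1:-/proc/sys/net/ipv4}"
    rc=0

    # The gateway must forward packets between its LAN and the tunnel.
    fwd=$(cat "$root/ip_forward" 2>/dev/null)
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=${fwd:-unreadable} (expected 1)"
        rc=1
    fi

    # Reverse-path filtering can drop decrypted packets whose source
    # subnet is not routed back out of the interface they arrived on.
    for f in "$root"/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            iface=$(basename "$(dirname "$f")")
            echo "rp_filter=$val on $iface (expected 0)"
            rc=1
        fi
    done

    # 0 when nothing was reported, 1 otherwise.
    return "$rc"
}

# Live check on a gateway: check_gateway_sysctls
```

These settings do not cover the last cause in the reply; for that, ping between a host in 192.168.249.0/24 and a host in 192.168.248.0/24 rather than from a gateway or to a gateway's external address.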

