[Openswan Users] Only getting traffic oneway from Openswan to
Andy at seas.wustl.edu
Fri Feb 11 12:03:52 CET 2005
I think you are going to have to enable RIP on your internal interface of
the Cisco 3060 and then under the routing section of the LAN-to-LAN do
RRI, reverse route injection. That will give the cisco a route to your
network. You can check it under monitoring and then routing table. Got
this from the cisco documentation.
On a side note, I am running 4.1.7.B-k9.bin. I establish a connection
with the vpn concentrator but my tunnels show unrouted with ipsec auto
--status and no tunnels up with /etc/init.d/ipsec status. I still have
no idea why this won't work.
You are one step ahead of me....
Let me know if this works for you.
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Shane Hickey
Sent: Friday, February 11, 2005 11:50 AM
To: users at openswan.org
Subject: [Openswan Users] Only getting traffic oneway from Openswan to
All right, I'm sure this has to be something simple, but I can't find it
anywhere. Here's my setup.
Gentoo laptop running 2.6.7-hardened-r17 (with no other kernel
cat /etc/ipsec/ipsec.conf | grep -v ^#
version 2.0 # conforms to second version of ipsec.conf specification
# Debug-logging controls: "none" for (almost) none, "all" for
Cisco VPN 3060 running vpn3000-4.1.5.A-k9.bin.
I created an IPSec LAN-to-LAN connection with the following information.
Connection Type: Bi-directional
IKE Proposal: IKE-3DES-MD5
IPSec NAT-T [checked]
Local Network: 10.250.0.0/16 192.168.0.0/16
Remote Network: 10.252.238.0
SYMPTOMS: Any traffic that is originated from my side works fine. So, I
can ssh/web/whatever to anything in the 10.250 or 192.168 networks
behind the concentrator. However, nothing behind the concentrator can
initiate a new connection to my network. They can't ping 10.252.238 or
do anything else to that network. I don't believe it's my iptables
rules on the firewall, but to test it, I ran ethereal on the laptop
firewall box and had it capture all ICMP packets. It sees pings that
originate from my network, but it doesn't see anything that was
originated from behind the concentrator. So, I don't believe the
packets from that side are making it here.
I'm sure I've done something foolish, so any help would be greatly
Shane Hickey <shane at howsyournetwork.com>: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
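For reference, here is how the LAN-to-LAN setup Shane describes (local 10.252.238.0, remote 10.250.0.0/16 and 192.168.0.0/16, IKE 3DES/MD5, NAT-T) can be written in Openswan 2.x ipsec.conf syntax. This is an added example, not Shane's actual configuration or anything from the Openswan project: the concentrator address 203.0.113.10 is a placeholder, the /24 mask on 10.252.238.0 is assumed (the post gives no mask), and pre-shared-key authentication with PFS disabled is assumed because the post does not say. Openswan 2.x only carries one leftsubnet/rightsubnet pair per conn, so the two remote networks become two conns that share a common section through also=; each should show up as "erouted" in `ipsec auto --status` once both Phase 1 and Phase 2 are up.

```ini
version 2.0

config setup
    interfaces=%defaultroute
    # NAT-T was ticked on the concentrator side, so enable it here too
    nat_traversal=yes

# Shared settings; auto=ignore so this section is never loaded by itself.
# Sections that reference it with also= override auto= below.
conn cisco-common
    left=%defaultroute
    leftsubnet=10.252.238.0/24          # assumed /24, the post gives no mask
    right=203.0.113.10                  # placeholder for the 3060's public address
    authby=secret                       # assumed PSK; key goes in ipsec.secrets
    ike=3des-md5                        # matches IKE-3DES-MD5 on the concentrator
    esp=3des-md5
    pfs=no                              # assumed; VPN 3000 LAN-to-LAN has PFS off by default
    keyingtries=0
    auto=ignore

# One conn per remote network behind the concentrator
conn cisco-net10
    also=cisco-common
    rightsubnet=10.250.0.0/16
    auto=start

conn cisco-net192
    also=cisco-common
    rightsubnet=192.168.0.0/16
    auto=start
```

Note that this only fixes up the Openswan side. The one-way symptom in the post is consistent with the concentrator having no route for 10.252.238.0 pointing at the tunnel, which is what Andy's RRI suggestion addresses; a conn that is "erouted" here but never receives packets still points at the far end's routing table.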