[Openswan Users] Host to net VPN question

Jacco de Leeuw jacco2 at dds.nl
Wed Mar 30 20:38:23 CEST 2005


Glenn MacGregor wrote:

> I make the connection to the ipsec gateway using certificates. I can ping the
> internal interface of the ipsec gateway (I did turn forwarding on in the kernel)
> and get a response. If I ping another box on the internal network I get no
> response. I did run tcpdump on the box I am trying to ping, I see the ping come
> in and the pong go out.

tcpdump on the IPsec gateway itself will only work if you are using KLIPS.
Otherwise tcpdump and other sniffers such as Ethereal will get confused.
In that case you need to run the sniffer on a separate box somewhere between
the client and the server.

> The problem (I think) is that when the ping comes in it
> has a public address so when any internal box tries to respond the response goes
> out its default gateway (not the ipsec gateway) trying to get there.

Perhaps you could post some more details about your setup. And upload the
output of 'ipsec barf' somewhere.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

