[Openswan Users] Problems with a tunnel
Michael Schwartzkopff
misch at multinet.de
Tue May 10 22:01:29 CEST 2005
> Hi Michael (no not me, you),
>
> I would take a good look at the returning ICMP packet. The most obvious
> suggestion is that the returning packet does not look like what your
> (presumably stateful) firewall is expecting. Perhaps the pinged client
> is sending out dud checksums or returning the packet from another
> interface and hence IP address.
> Capture the packets with something like "tcpdump -i <dev> -s 2000 -w
> icmp.cap -p icmp" and have a look at it in ethereal.
> Cheers,
> Michael (no not you, me).
Hi Michael (you !)
firewall looks like:
iptables -I FORWARD -i ipsec0 -j ACCEPT and
iptables -I FORWARD -o ipsec0 -j ACCEPT
So this cannot be the problem. If I watch iptables -nvL FORWARD then I see
this rule beeing triggered. Any other ideas ?
Thanks, Michael.
More information about the Users
mailing list