[Openswan Users] Problems with a tunnel

Michael Schwartzkopff misch at multinet.de
Tue May 10 22:01:29 CEST 2005


> Hi Michael (no not me, you),
>
> I would take a good look at the returning ICMP packet.  The most obvious
> suggestion is that the returning packet does not look like what your
> (presumably stateful) firewall is expecting.  Perhaps the pinged client
> is sending out dud checksums or returning the packet from another
> interface and hence IP address.

> Capture the packets with something like "tcpdump -i <dev> -s 2000 -w
> icmp.cap -p icmp" and have a look at it in ethereal.

> Cheers,
> Michael (no not you, me).
 

Hi Michael (you!)

firewall looks like: 
iptables -I FORWARD -i ipsec0 -j ACCEPT and
iptables -I FORWARD -o ipsec0 -j ACCEPT

So this cannot be the problem. If I watch iptables -nvL FORWARD then I see 
this rule being triggered. Any other ideas?

Thanks, Michael.

