[Openswan Users] Tunnel issue?

tvsjr tvsjr at sprynet.com
Thu Oct 13 01:45:14 CEST 2005

I've managed to get Openswan 2.4.0 on my Centos 4.1 box. unfortunately, I'm
having tunnel issues and I'm just about out of ideas.

Left: IPcop firewall, latest version (runs Openswan 1)

Right: Centos 4.1 box, running Openswan 2.4.0 + KLIPS + NAT-T patch.


I can watch both machines side-by-side.


I can ping from a box on the right network ( to a box on the
left network ( I see the echo request leaving the right
Centos box on the ipsec0 interface. I see it arrive on the IPcop firewall
(also ipsec0 interface) and a response get issued across the interface.
Unfortunately, I never see the echo response on the right Centos box.


I'm seeing a good "IPSec SA established" message on connection, and I've got
debug turned up and can see the DPD messages/acks being passed back and
forth, so I'm assuming the tunnel is operating properly.


Although the addresses are excluded in the NAT mangling, I'm assuming that
looking at the ipsec0 interface should show me if data is coming back, even
if the packet is getting mangled lately.


I'm out of ideas on this one. Help!




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20051013/9fdddc43/attachment-0001.htm

More information about the Users mailing list