[Openswan Users] strange behavior, need advice
Paul Wouters
paul at xelerance.com
Thu Sep 15 06:19:38 CEST 2005
On Tue, 13 Sep 2005, jarek wrote:
> I have an openswan gateway with a static public ip
> and a user behind nat
>
> user-------------------nat-router--------------------------openswan-router------------------------host
> 192.168.5.180-----192.168.5.1/x.x.x.x-public-ip======195.4.xx.xx/192.168.0.0/24-------192.168.0.142/32
> ============================tunnel===============================
> IP (tos 0x0, ttl 49, id 18001, offset 0, flags [none], proto: UDP (17),
> length: 160) 195.4.xx.xx.4500 > 192.168.5.180.4500: UDP-encap:
> ESP(spi=0x0c0721e4,seq=0x4a), length 132
> the firewall is down on the user's PC
> so why does ping not receive the answer packets?
Perhaps IP forwarding is disabled, or rp_filter is enabled? Or the
openswan router NATs the incoming packet? Please run 'ipsec verify'
to check for this.
Paul
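
Added example, not part of the original message and not Openswan code: a by-hand check of the first two causes named in the reply (IP forwarding disabled, rp_filter enabled). The function names, the eth0 interface and the sample values are constructed; on a live gateway the directory to pass is /proc/sys/net/ipv4.

```shell
#!/bin/sh
# Added example: inspect the kernel settings the reply asks about.

# check_gateway DIR
#   DIR is the IPv4 sysctl directory (/proc/sys/net/ipv4 on a live gateway).
#   Prints one line per finding; returns 0 if clean, 1 otherwise.
check_gateway() {
    dir=$1
    rc=0

    # With ip_forward at 0 the kernel does not route packets between
    # interfaces, so nothing from the tunnel reaches the host behind it.
    if [ "$(cat "$dir/ip_forward" 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not 1"
        rc=1
    fi

    # rp_filter is set per interface; a non-zero value enables reverse-path
    # filtering, which drops packets whose source fails the route check.
    for f in "$dir"/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            iface=${f%/rp_filter}
            echo "rp_filter=$val on ${iface##*/}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree standing in for /proc/sys/net/ipv4.
# Arguments: directory, ip_forward value, rp_filter value for eth0.
make_sample() {
    mkdir -p "$1/conf/all" "$1/conf/eth0"
    echo "$2" > "$1/ip_forward"
    echo 0 > "$1/conf/all/rp_filter"
    echo "$3" > "$1/conf/eth0/rp_filter"
}

# Demo on constructed values: forwarding off, rp_filter on for eth0.
demo=$(mktemp -d)
make_sample "$demo" 0 1
check_gateway "$demo" || echo "gateway settings need attention"
rm -rf "$demo"
```

The third cause in the reply, NAT applied to the tunnel traffic, is a firewall rule question and is not covered by this check.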