[Openswan Users] Openswan or general routing problem?

Paul Wouters paul at xelerance.com
Fri Apr 21 19:27:08 CEST 2006

On Fri, 21 Apr 2006, Andy Coates wrote:

> got no problems in general now setting up IPSEC connections, and the machine
> itself has no problem communicating with hosts on the remote subnets, but
> the machine is also acting as a gateway and other machines using this
> gateway can't seem to reach the remote subnets.

this usually means either ip forwarding is not enabled, or the NAT rules
are rewriting (and breaking) the IPsec packets.

> So from the gateway itself all packets to the remote subnet via the IPSEC
> tunnel are fine, but any packets being forwarded on seem to take the routing
> entry setup by the IPSEC connection literally, i.e.
> internal ~ # netstat -rn | grep 192.168.2
> UG       0 0          0 eth0

Are you using klips? If you use netkey, routes do not matter. If you use klips,
then a route ito ipsecX should be there.

Does your gateway work with a seperate conn? Or did you use a leftsourceip= ?

> Am I missing something really simple I've just not thought about?  The only
> difference between this and a working gateway I also have is that it uses
> the older kernel and freeswan and has the ipsec0 interface.

You might need different firewall settings if you had ipsecX interfaces before.


Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list