[Openswan Users] Routing problem with NETKEY
demi at futuremark.com
Thu Aug 3 09:26:53 EDT 2006
Apologies if this subject has been discussed before, but I spent a few
days going through the archives, and though I found similar problems,
I could not find exactly the same as mine, nor did any of the proposed
solutions help me.
My setup is a simple network to network tunnel, from a openswan/netkey
linux to a linksys rv042,
The tunnel comes up fine. However, I can only send packets from the left
gateway (126.96.36.199) to the right network (10.10.1.0/24). Any
packets sent from the left network to the right network go through normal
routing and are passed along unencrypted. Any packets sent from the right
network to the left network do arrive at the gateway machine, but
after decryption they appear in the INPUT chain, not the FORWARD chain
and thus are not passed forward. (I checked this by MARKing the packets and
then adding match rules to both forward and input, and the input counter grew).
To make things really bizarre, any icmp traffic sent from the right
network to the left network goes through the tunnel as it should. Same
is true for the other direction. Only udp and tcp traffic (the only
protocols I tried) fail to go through the tunnel as they should.
My left setup is as follows:
My left gateway has three interfaces,
The defaultgw, 188.8.131.52 lies behind eth2. As may be apparent,
I use proxy arp. Just in case something got confused by the overlapping
networks, I used IPs that can only be present in the internal network (eth0),
such as .1 and .2 for testing.
Any ideas would be greatly appreciated.
Jani Joki Senior Technical Manager Futuremark Corporation
jani.joki at futuremark.com +358 20 759 8264 www.futuremark.com
More information about the Users