[Openswan Users] VPN Traffic Not Routed

Matthew Richer matthew at velocitecinc.com
Tue Aug 22 09:59:19 EDT 2006 

Hello,

 

Although this may not be an OpenSwan question directly it is VPN related.
Below is my network setup.

 

Gateway --- Bridge --- Office Subnet (.224/28)

               |

               |

               |

            VPN (OpenSwan)

 

G/W IP:     .225

Bridge IP:  .233

My IP:      .229

NetMask:    255.255.255.240 (/28)

 

Now what I was trying to setup was the ability for me to take my box home
sometimes set it up on my internal network and VPN into the bridge and
recapture my old office IP. (.229).  The connection establishes ok, and I
get my IP ok.  

 

Here comes the weird parts :P.

 

Ping From Home To Bridge (.229 -> .233)         OK

Ping From Bridge To Home (.233 -> .229)         FAILED

Ping From Other To Home  (.234 -> .229)         FAILED

 

TCPDump On ppp0         (.229 -> .233)         No Traffic Displayed But Ping
Works ?

TCPDump On ppp0         (.233 -> .229)         Outgoing packet shown, no
response, ping fails

TCPDump On ppp0         (.234 -> .229)         No Traffic Displayed,
Destination Host Unreachable, ping fails

 

Furthermore, I can ping the bridge from home but I can't ping my pc (at
home) from any PC on the subnet (bridge included) any other PC in the subnet
and any pc on the subnet cannot ping my ip.  When I do a TCPdump I can see
traffic on ppp0 but nothing-related on br0.

 

Just for some more background information, the bridge is essentially just
transparently doing HTTP caching, POP3/SMTP scanning, and firewalling.  I'll
tested pings without any firewall rules in place so I know its not a
firewall issue. (ACCEPT on the forward/input/output chains).  I'm running on
the 2.6 kernel with OpenSwan 2.0 but I doubt that matters since the VPN
establishes fine.

 

Any ideas?

 

ROUTE INFO FOR BRIDGE (NO VPN CONNECTED):

 

Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface

XXX.XX.XXX.224  0.0.0.0         255.255.255.240 U     0      0        0 br0

0.0.0.0         XXX.XX.XXX.225  0.0.0.0         UG    0      0        0 br0

 

ROUTE INFO FOR BRIDGE (VPN CONNECTED):

 

Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface

XXX.XX.XXX.229  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

MY.HOME.245.173 XXX.XX.XXX.225  255.255.255.255 UGH   0      0        0 br0

XXX.XX.XXX.224  0.0.0.0         255.255.255.240 U     0      0        0 br0

0.0.0.0         XXX.XX.XXX.225  0.0.0.0         UG    0      0        0 br0

 

 

 

Matt.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060822/a87a6bdf/attachment-0001.html

More information about the Users mailing list