[Openswan Users] No ipsec0 interfaces in routeing table

jack jrlowry376 at adelphia.net
Fri Jul 7 15:54:22 CEST 2006


Hmm, that strange popping sound is my head coming out of ....

I just read my message and I've misstated what I get when I tcpdump on 
the inside interface.

The inside interface shows the source of 192.168.103.16 and a destination 
of 172.16.25.8. Outside of the firewall I see packets in the clear with 
a source address of 69.174.129.33 and a destination address of 172.16.25.8.

So I'm still wondering is there something outside of the ipsec.conf to 
cause a specific combination of source and destination IP address to get 
encrypted?

Jack Lowry wrote:
> I tcpdump the inside interface and I see the packets with 
> 192.168.3.16 as the source and 69.174.129.33 as the destination. This 
> looks okay.
>
> Running tcpdump on the outside interface I see packets with 
> 69.174.129.33 as the source and 172.16.25.8 as the destination.  Hmm, 
> are the packets getting natted before they get the chance to be encrypted?
>
> Routing is turned on (the rest of the family goes through this gateway 
> to surf, IRC, AIM, etc.)
>
> A barf, ifconfig and route table are attached.
>
> I'm thinking I might need to look at iptables stuff.
>
>
> ted leslie wrote:
>
>> and you tcpdump from the VPN point?
>> and the packets show a source  of 192.168.3.0/24
>> and a target/dest on 172.16.24.0/21
>>
>> if it does, then it should match the rule and be routed,
>> i was thinking you were testing from the VPN machine, and thus you 
>> would need to have SNAT'd
>>
>>
>> I guess you have routing turned on? as that gateway routes non-vpn 
>> packets just fine?
>>
>> you probably want to post your
>>
>> "netstat -rn"
>> and "ifconfig -a"
>>
>> -tl
>>
>>
>>
>>
>> On Wed, 05 Jul 2006 16:11:50 -0400
>> jack <jrlowry376 at adelphia.net> wrote:
>>
>>  
>>
>>> I test from a linux box on the private lan behind the openswan VPN 
>>> gateway.
>>> I use ssh and connect to 172.16.25.8.
>>>
>>> I'll submit a barf after I get home and switch gateways.
>>>
>>> ted leslie wrote:
>>>   
>>>> when you attempt your test connection,
>>>> are you doing that from the openswan server or from one of the 
>>>> hosts on the private-lan behind the VPN gateway?
>>>> explain what exactly you are doing to test this connection.
>>>>
>>>>
>>>>
>>>>
>>>> you might also want to post your barf
>>>>
>>>> ipsec barf
>>>>
>>>> as it has more info
>>>> -tl
>>>>
>>>>
>>>>
>>>>     
>