[Openswan Users] Fwd: route? problem
Andy Gay
andy at andynet.net
Mon Jul 24 17:20:51 CEST 2006
On Mon, 2006-07-24 at 21:42 +0200, Robin Ericsson wrote:
> Anyone? Any ideas why my source address is wrong over the tunnel?
>
If your Linux box is left, try adding
    leftsourceip=192.168.1.1
to your conn.
(Use rightsourceip = if you're right, of course...)
>
> regards,
> Robin
>
> ---------- Forwarded message ----------
> From: Robin Ericsson <lobbin at gmail.com>
> Date: Jul 21, 2006 10:28 PM
> Subject: route? problem
> To: users at openswan.org
>
>
> Hi,
>
> I'm having problems with my tunnel.
>
> My setup is:
> 1: D-Link DI-824VUP+
> 2: Linux 2.4 with Openswan and Shorewall firewall
>
> The tunnel goes up without any problems and if I initiate connection
> from the D-Link everything works as it should, ping, tcp connections,
> etc.
>
> However, if I try to make any move from the Linux side nothing
> happens. I'm not sure if this is due to the Linux side having multiple
> network cards and such?
>
> D-Link private ip is 192.168.0.1 and network /24.
> Linux setup is eth0 = 192.168.1.1, network/24, eth1 = public ip where
> tunnel is initiated.
>
> Route looks like this after a successful tunnel:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> pub.lic.ip.nr   *               255.255.255.240 U     0      0   0   eth1
> pub.lic.ip.nr   *               255.255.255.240 U     0      0   0   ipsec0
> 192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
> 192.168.0.0     pub.lic.gt.wy   255.255.255.0   UG    0      0   0   ipsec0
> 169.254.0.0     *               255.255.0.0     U     0      0   0   eth0
> 127.0.0.0       *               255.0.0.0       U     0      0   0   lo
> default         pub.lic.gt.wy   0.0.0.0         UG    0      0   0   eth1
>
> As you can see, the route seems ok.
>
> I've tried checking with tcpdump on the Linux as
> tcpdump -i ipsec0 host 192.168.0.1
>
> When I ping from 192.168.0.1 I see the ping request and the reply.
> When I ping from the Linux server I see nothing. If I try a tcp
> connect from Linux to 192.168.0.1 it ends up with a SYN_SENT, but the
> funny thing is that the Linux side ip is listed as my public ip, not
> 192.168.1.1 as it should be.
>
> Any ideas? I know I'm rambling at the moment :)
>
> --
> regards,
> Robin
>
>
> --
> regards,
> Robin
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
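
Added example (not part of the original posts, and not Robin's actual configuration): an ipsec.conf conn for the setup described in the thread, showing where leftsourceip goes and why it changes the source address. The conn name and the <...> public addresses are placeholders; authentication settings are omitted.

```conf
# /etc/ipsec.conf fragment, constructed for illustration.
# "linux-to-dlink" and the <...> values are placeholders.
conn linux-to-dlink
    # Linux/Openswan gateway (eth1 = public side, eth0 = 192.168.1.1)
    left=<linux-public-ip>
    leftnexthop=<public-gateway>
    leftsubnet=192.168.1.0/24
    # Without this line the route to 192.168.0.0/24 carries no "src" hint,
    # so packets the gateway itself originates take the public address.
    # That source is outside leftsubnet and does not match the tunnel
    # (192.168.1.0/24 <-> 192.168.0.0/24), hence the SYN_SENT with the
    # public IP as local address. The address given here must already be
    # configured on the box (eth0) and lie inside leftsubnet.
    leftsourceip=192.168.1.1
    # D-Link DI-824VUP+
    right=<dlink-public-ip>
    rightsubnet=192.168.0.0/24
    auto=start

# Checks after restarting the connection:
#   ip route get 192.168.0.1           -> should report "src 192.168.1.1"
#   ping -I 192.168.1.1 192.168.0.1    -> forces the inside source address,
#                                         useful to confirm the diagnosis
#                                         before changing the conn
```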