[Openswan Users] Fwd: route? problem
andy at andynet.net
Mon Jul 24 17:20:51 CEST 2006
On Mon, 2006-07-24 at 21:42 +0200, Robin Ericsson wrote:
> Anyone? Any ideas why my source address is wrong over the tunnel?
If your linux box is left, try adding
to your conn.
(Use rightsourceip = if you're right, of course...)
> ---------- Forwarded message ----------
> From: Robin Ericsson <lobbin at gmail.com>
> Date: Jul 21, 2006 10:28 PM
> Subject: route? problem
> To: users at openswan.org
> I'm having problems with my tunnel.
> My setup is:
> 1: D-Link DI-824VUP+
> 2: Linux 2.4 with Openswan and Shorewall firewall
> The tunnel goes up without any problems and if I initiate connection
> from the D-Link everything works as it should, ping, tcp connections,
> However, if I try to make any move from the Linux side nothing
> happens. I'm not sure if this is due to the Linux side having multiple
> network cards and such?
> D-Link private ip is 192.168.0.1 and network /24.
> Linux setup is eth0 = 192.168.1.1, network/24, eth1 = public ip where
> tunnel is initiated.
> Route looks like this after a successful tunnel:
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> pub.lic.ip.nr * 255.255.255.240 U 0 0 0 eth1
> pub.lic.ip.nr * 255.255.255.240 U 0 0 0 ipsec0
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
> 192.168.0.0 pub.lic.gt.wy 255.255.255.0 UG 0 0 0 ipsec0
> 169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
> 127.0.0.0 * 255.0.0.0 U 0 0 0 lo
> default pub.lic.gt.wy 0.0.0.0 UG 0 0 0 eth1
> As you can see, the route seems ok.
> I've tried checking with tcpdump on the Linux as
> tcpdump -i ipsec0 host 192.168.0.1
> When I ping from 192.168.0.1 I see the ping request and the reply.
> When I ping from the Linux server I see nothing. If I try a tcp
> connect from Linux to 192.168.0.1 it ends up with a SYN_SENT, but the
> funny thing is that the Linux side ip is listed as my public ip, not
> 192.168.1.1 as it should be.
> Any ideas? I know I'm rambling at the moment :)
> Users at openswan.org
> Building and Integrating Virtual Private Networks with Openswan:
More information about the Users