[Openswan Users] ping test fails, who is providing the route?
Brian Candler
B.Candler at pobox.com
Thu Jun 15 10:25:50 CEST 2006
On Wed, Jun 14, 2006 at 05:46:12PM -0400, Charles Tompkins wrote:
> I am now trying to troubleshoot ill-connectivity with the ping test.
> Pinging from the raodwarrior to the gateway is good!
Clearly, then, traffic is working in both directions.
> Pinging from the
> gateway to the roadwarrior is not working. Dumps on the roadwarrior show
> that it is receiving the ping and replying, but they do not make it back to
> the gateway...
Then you have to determine what's different in the replies which means
they're not making it down the tunnel, when an outbound echo request *does*
make it down the tunnel.
In particular, compare the source IP addresses of the two cases.
> The million dollar question is "Does Openswan or the LNS provide the route
> info for the connection?"
That's a strange question, and pretty irrelevant.
If you are using L2TP over IPSEC transport mode (which you didn't explicitly
specify), then an L2TP/PPP session is set up between the two endpoints. The
LNS will assign a single IP address to the remote endpoint using IPCP, and
the remote endpoint generally points defaultroute down the PPP session. No
other routes are set up.
So when you ping the gateway from the roadwarrior, make sure (a) that
defaultroute points down the PPP interface, and (b) the ping has a source IP
address which is the address of the PPP interface.
Brian.
More information about the Users
mailing list