[Openswan Users] problems with ping to the other side of the VPN

Paul Wouters paul at xelerance.com
Fri Mar 3 05:13:42 CET 2006

On Wed, 1 Mar 2006, Federico J. Fernández wrote:

> I'm setting up a VPN to some other net (that I don't manage), but I
> have problems pinging boxes at the other side.
> The conection is set up perfect, and from the other gateway the pings works ok.
> I mean, I have two internal networks, mine is and the
> other is From the gateway of the net they can
> ping internal machines in the network. But, from the
> I can't ping (none of the packets arrive) the remote
> machines.

Looks like the vpn gateway for doesnt have ip forwarding
enabled, or is mangling ipsec packets with NAT?

> Following is the output of ipsec auto --up <connection> with a tcpdump
> dumping the ipsec interface at port 500. Tell me if some other info is
> required to be helped.

That won't help. If the remote end is openswan, ask for 'ipsec verify'
and/or 'ipsec barf' output.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list