[Openswan Users] problems with ping to the other side of the VPN

Paul Wouters paul at xelerance.com
Fri Mar 3 05:13:42 CET 2006


On Wed, 1 Mar 2006, Federico J. Fernández wrote:

> I'm setting up a VPN to some other net (that I don't manage), but I
> have problems pinging boxes at the other side.
>
> The conection is set up perfect, and from the other gateway the pings works ok.
>
> I mean, I have two internal networks, mine is 192.168.1.0 and the
> other is 192.168.0.0. From the gateway of the 192.168.0.0 net they can
> ping internal machines in the 192.168.1.0 network. But, from the
> 192.168.1.1 I can't ping (none of the packets arrive) the remote
> machines.

Looks like the vpn gateway for 192.168.0.0 doesnt have ip forwarding
enabled, or is mangling ipsec packets with NAT?

> Following is the output of ipsec auto --up <connection> with a tcpdump
> dumping the ipsec interface at port 500. Tell me if some other info is
> required to be helped.

That won't help. If the remote end is openswan, ask for 'ipsec verify'
and/or 'ipsec barf' output.

Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list