[Openswan Users] Fwd: Tunnel working "one way only"

Paul Wouters paul at xelerance.com
Mon Apr 2 14:59:30 EDT 2007

On Mon, 2 Apr 2007, Antonio Ávila wrote:

> Hi all, I'm a newbie in IPsec issues, and I'm hung up on a problem. I
> was able to configure the tunnel, but the tunnel is only working one way.
> Let me show you the net topology and the configuration files:


> On the right and the left machines, iptables are empty and their policies are
> ACCEPT by default. On the right box I have ip_forward activated.

Not on the machine on the left?

> conn tunnconn
>       type=tunnel
>       left=
>       leftnexthop=
>       right=

Try type=%direct

The situation when using two IPsec machines in the same subnet is fundamentally
different from having two IPsec machines with a box (or a whole internet) in
the middle. If you are doing this for testing a real world deployment, change
the network and add a machine in the middle that's just a router.
