[Openswan Users] [Tunnel established, no traffic]

[Ralf Guenthner]

Paul Wouters wrote:
> > Can you run "ipsec verify" ?
> > Are you sure there are no firewall rules in INPUT, OUTPUT, FORWARD,
PREROUTING
> > and POSTROUTING? Is IP forwarding enabled?

ipsec verify
Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path                             [OK]
Checking for KLIPS support in kernel                        [OK]
Checking for RSA private key (/etc/ipsec.secrets)           [OK]
Checking that pluto is running                              [OK]
DNS checks.
Looking for forward key for ditagmgw-new                    [OK]
Looking for KEY in reverse map: 35.194.227.193.in-addr.arpa [OK]
Does the machine have at least one non-private address      [OK]
ditagmgw-new:~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

This gateway has another permanent VPN with another site running with no
problems, so forwarding is okay.

Everything looks good, right? I tend to think the problem is on the
other gateway to which I will have access again tomorrow. I will use the
same commands there (also klipsdebug) and then get back to you.

Thanks
Ralf