[Openswan Users] Ping problem LAN-to-LAN
Paul Wouters
paul at xelerance.com
Wed Feb 21 09:53:27 EST 2007
On Wed, 21 Feb 2007, huarito huaritex wrote:
> /sbin/iptables -A INPUT -p udp --sport 4500 --dport 4500 -j ACCEPT
> /sbin/iptables -A OUTPUT -p udp --sport 4500 --dport 4500 -j ACCEPT
Note that because this is used when NAT is active, the source port is
not necessarily 4500, as it could be NAT'ed by the NAT device to a random
high port. So this rule is wrong. You should leave out the --sport 4500
part.
> conn net-net
Looks okay. What does ipsec verify say? What do the logs say?
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
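To make the point about NAT-T concrete, here is an added illustration (not part of the thread, and not Openswan code) that models how the posted INPUT rule and the corrected one treat a UDP 4500 packet whose source port was rewritten by a NAT device. The packets and the rewritten port 38217 are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int   # source port as seen by the receiving host
    dport: int


@dataclass(frozen=True)
class Rule:
    """Minimal model of an iptables ACCEPT rule: protocol, --dport, optional --sport."""
    proto: str
    dport: int
    sport: Optional[int] = None  # None models a rule with no --sport match

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and pkt.dport == self.dport
                and (self.sport is None or pkt.sport == self.sport))

    def as_iptables(self, chain: str) -> str:
        """Render the rule as the command line it corresponds to."""
        sport = f" --sport {self.sport}" if self.sport is not None else ""
        return f"/sbin/iptables -A {chain} -p udp{sport} --dport {self.dport} -j ACCEPT"


# The rule as posted (matches only if the peer's source port is still 4500)
# and the corrected rule Paul recommends (any source port, --dport 4500).
POSTED_INPUT_RULE = Rule("udp", dport=4500, sport=4500)
CORRECTED_INPUT_RULE = Rule("udp", dport=4500)

# Constructed sample traffic: a peer with no NAT in the path keeps sport 4500;
# a peer behind NAT arrives with whatever high port the NAT device chose.
DIRECT_PEER = Packet("udp", sport=4500, dport=4500)
NATTED_PEER = Packet("udp", sport=38217, dport=4500)


def accepted(rule: Rule, pkts: List[Packet]) -> List[Packet]:
    """Return the packets that the given rule would let through."""
    return [p for p in pkts if rule.matches(p)]


if __name__ == "__main__":
    for rule in (POSTED_INPUT_RULE, CORRECTED_INPUT_RULE):
        print(rule.as_iptables("INPUT"))
        print("  accepts NAT'ed peer:", rule.matches(NATTED_PEER))
```

The posted rule silently drops the NAT'ed peer's NAT-T traffic while still passing the direct peer, which is why a LAN-to-LAN tunnel can work for one peer and not the other.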