[Openswan Users] One way tunnel

lewis shobbrook mylists at blue-matrix.org
Sun Mar 4 22:03:23 EST 2007


Hi all,

I've set up a tunnel between an OpenWrt White Russian 0.9 release and Debian
sid with Openswan 2.4.6 on a 2.6.17 kernel.

First digression to note is that I have had this combination working
previously prior to WR 0.9.

The tunnel works from the WRT end; throughput is perfectly stable.
From the Debian end I am unable to ping through the tunnel, with errors
...reply from X.X.X.X destination net unreachable.
X.X.X.X is the next hop to the DSL router connected to the Debian box, i.e.
gateway to gateway.

This leads me to suspect that new traffic from the debian end is being
forwarded unencrypted.

Other tunnels on the Debian box are OK.

Subnet A <==> DEB <=> SHDSL <======================> CABLE MODEM <=> WRT ==> Subnet B

In brief subnet B can access subnet A, but subnet A cannot access B.
Nothing trapped in firewall logs.

The route table is correct... although it should be noted that tunnels look
like they should.

Other thing to note is that traceroutes to and from the WRT to the Debian
ends indicate a different IP for the next hop on the WRT side.
When using the alternate nexthop address from the debian end in both conf
files, the tunnel succeeds, but automatic addition of the associated route
fails at the wrt end.
Creating the route manually at the wrt end, results in successful throughput
to the B subnet (wrt) to A Subnet (deb), but alas nothing from the A end to
the B.

Has anyone ever seen such an anomaly?

I'm wondering if it might have something to do with the protocol 4 bug in
2.6.17 that has been reported previously?

I've had to modify iptables on this box to accommodate the IP-in-IP
protocol bug.

Running out of ideas, anyone have any suggestions?

Lew
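The suspicion above is that new A-to-B traffic leaves the Debian box in the clear rather than in the tunnel. The check below is an added example, not code from the thread or from Openswan: it assumes the NETKEY stack (so `ip xfrm policy` exists), parses a constructed sample of that command's output with placeholder addresses (10.1.0.0/24 standing in for subnet A, 10.2.0.0/24 for subnet B), and reports whether a given flow is matched by an outbound ESP policy or would be plain-routed.

```python
import ipaddress
import re

# Constructed sample, modelled on `ip xfrm policy` output; addresses are placeholders.
# Subnet A (Debian side) = 10.1.0.0/24, subnet B (WRT side) = 10.2.0.0/24.
SAMPLE_POLICY_DUMP = """\
src 10.1.0.0/24 dst 10.2.0.0/24
\tdir out priority 2344 ptype main
\ttmpl src 198.51.100.10 dst 203.0.113.20
\t\tproto esp reqid 16385 mode tunnel
src 10.2.0.0/24 dst 10.1.0.0/24
\tdir in priority 2344 ptype main
\ttmpl src 203.0.113.20 dst 198.51.100.10
\t\tproto esp reqid 16385 mode tunnel
"""


def parse_xfrm_policies(text):
    """Parse policy selectors, direction and tunnel endpoints from an xfrm policy dump."""
    policies = []
    current = None
    for line in text.splitlines():
        m = re.match(r"src (\S+) dst (\S+)$", line)  # unindented line starts a policy
        if m:
            current = {"src": ipaddress.ip_network(m.group(1)),
                       "dst": ipaddress.ip_network(m.group(2)),
                       "dir": None, "tmpl": None}
            policies.append(current)
            continue
        if current is None:
            continue
        s = line.strip()
        m = re.match(r"dir (\w+)", s)
        if m:
            current["dir"] = m.group(1)
        m = re.match(r"tmpl src (\S+) dst (\S+)", s)
        if m:
            current["tmpl"] = (m.group(1), m.group(2))  # outer tunnel endpoints
    return policies


def outbound_policy_for(policies, src_ip, dst_ip):
    """Return the first outbound policy whose selectors cover the flow, else None."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in policies:
        if p["dir"] == "out" and s in p["src"] and d in p["dst"]:
            return p
    return None


def classify(policies, src_ip, dst_ip):
    """'cleartext' means the kernel has no outbound SPD entry and would route it plainly."""
    p = outbound_policy_for(policies, src_ip, dst_ip)
    return "cleartext" if p is None else "esp-tunnel to %s" % p["tmpl"][1]
```

A flow reported as `cleartext` is exactly the case worth confirming with a capture on the outside interface before trusting the tunnel.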