[Openswan Users] traffic only being encrypted one way

Bob Benstro bbenstro at gmail.com
Fri Mar 16 11:50:38 EDT 2007


I have two Linux boxes, connected via openswan.  The tunnel starts up
correctly, routes are visible, and everything seems to be ok.

From the remote side, I can easily connect to my extruded subnet without
issue.  For example, I have 192.168.0.0/24 extruded, and I can connect to
.50, .60, .1 without issue.  I can initiate TCP connections, there are no
problems.  ICMP works fine too.

However, when I try to initiate a connection from the local side, I can not
connect to the remote side's IP.  The route is visible via ip route or route
command, but the traffic simply leaves the routed interface without
encryption.  For example, I have 192.168.15.90 extruded to the local side,
its IP shows via 'route' as being routed to the ppp0 device.  However, mtr
or traceroutes show all the traffic simply flying out ppp0 unencrypted, in a
doomed-to-fail attempt to reach .90 via the open net.

Since traffic is functioning correctly when initiated one way, something
quite weird is definitely happening.  Does anyone have any obviously
overlooked suggestions for me, prior to getting arm deep into configuration,
iptables and route configuration?  As a side note, this box does support
Windows clients successfully.  There are currently a half dozen connected
right now, encryption functioning both ways, in an L2TP/IPsec config.

I've looked at my NAT settings, and I do not see how output to
192.168.15.90 could be hit by a NAT rule of any sort.

Any help appreciated, please CC me, I'm not on the list!

Thanks!
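An added diagnostic, not part of the original post and not openswan's own tooling: assuming the NETKEY stack (kernel policies visible with `ip xfrm policy show`), this script parses a constructed policy dump for the 192.168.0.0/24 <-> 192.168.15.90 pair and reports which directions have no covering policy. The symptom described above (traffic leaving ppp0 in the clear) is what an absent `out` policy looks like: the kernel route points at ppp0, but nothing tells it to encrypt.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy show` output (NETKEY stack assumed).
# The inbound and forward policies for the tunnel exist; the outbound one is missing.
SAMPLE_POLICY_DUMP = """\
src 192.168.15.90/32 dst 192.168.0.0/24
    dir fwd priority 2344 ptype main
    tmpl src 198.51.100.2 dst 203.0.113.1
        proto esp reqid 16385 mode tunnel
src 192.168.15.90/32 dst 192.168.0.0/24
    dir in priority 2344 ptype main
    tmpl src 198.51.100.2 dst 203.0.113.1
        proto esp reqid 16385 mode tunnel
"""

# One policy entry: a "src ... dst ..." selector line followed by a "dir ..." line.
POLICY_RE = re.compile(r"^src (\S+) dst (\S+)\s*\n\s*dir (\w+)", re.MULTILINE)


def parse_policies(dump):
    """Return (src_net, dst_net, direction) tuples from an xfrm policy dump."""
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d), direction)
            for s, d, direction in POLICY_RE.findall(dump)]


def covering_directions(policies, local_ip, remote_ip):
    """Directions whose selector covers traffic between local_ip and remote_ip."""
    local = ipaddress.ip_address(local_ip)
    remote = ipaddress.ip_address(remote_ip)
    found = set()
    for src, dst, direction in policies:
        # Outbound selectors are written local -> remote, inbound/forward remote -> local.
        if direction == "out" and local in src and remote in dst:
            found.add("out")
        elif direction in ("in", "fwd") and remote in src and local in dst:
            found.add(direction)
    return found


def missing_directions(dump, local_ip, remote_ip):
    """Which of in/out/fwd has no policy covering this host pair (empty set = healthy)."""
    return {"in", "out", "fwd"} - covering_directions(parse_policies(dump), local_ip, remote_ip)


if __name__ == "__main__":
    print("missing:", missing_directions(SAMPLE_POLICY_DUMP, "192.168.0.50", "192.168.15.90"))
```

On a live gateway, feed it the real dump with `subprocess.run(["ip", "xfrm", "policy", "show"], capture_output=True, text=True).stdout` in place of the constructed sample.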