[Openswan Users] traffic only being encrypted one way

Paul Wouters paul at xelerance.com
Fri Mar 16 13:22:03 EDT 2007


On Fri, 16 Mar 2007, Bob Benstro wrote:

> I have two Linux boxes, connected via openswan.  The tunnel starts up
> correctly, routes are visible, and everything seems to be ok.
>
> From the remote side, I can easily connect to my extruded subnet without
> issue.  For example, I have 192.168.0.0/24 extruded, and I can connect to
> .50, .60, .1 without issue.  I can initiate TCP connections, there are no
> problems.  ICMP works fine too.
>
> However, when I try to initiate a connection from the local side, I cannot
> connect to the remote side's IP.  The route is visible via ip route or route
> command, but the traffic simply leaves the routed interface without
> encryption.

Most often this is due to the vpn server not being the default gateway, and
the local subnet sending the traffic for the vpn to the default gateway,
instead of the vpn server.

I wouldn't be able to say what's wrong in your case without seeing more of
the network structure.
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
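
The common cause described in the reply above can be checked from a LAN host's routing table. The following is an added example, not part of the original post: it does a longest-prefix match over constructed `ip route` output and reports whether traffic for the remote subnet is handed to the VPN server or to the default gateway. The remote subnet 10.1.0.0/24, the default gateway 192.168.0.1 and the VPN server 192.168.0.254 are assumptions for illustration.

```python
import ipaddress

# Constructed `ip route` output from a LAN host on 192.168.0.0/24 (assumed
# addresses: default gateway .1, VPN server .254, remote subnet 10.1.0.0/24).
ROUTES_BROKEN = """\
default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.50
"""
# Same host after adding a static route for the remote subnet via the VPN server.
ROUTES_FIXED = ROUTES_BROKEN + "10.1.0.0/24 via 192.168.0.254 dev eth0\n"

def parse_routes(text):
    """Return [(network, next_hop or None)] from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # route types this sketch does not model
        hop = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, hop))
    return routes

def next_hop(routes_text, dest):
    """Longest-prefix match: next hop used for dest (None means on-link)."""
    addr = ipaddress.ip_address(dest)
    matches = [(n, h) for n, h in parse_routes(routes_text) if addr in n]
    if not matches:
        raise LookupError(f"no route to {dest}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def bypasses_vpn(routes_text, remote_host, vpn_server):
    """True when traffic for remote_host is sent to a hop other than the VPN server."""
    return next_hop(routes_text, remote_host) != vpn_server

if __name__ == "__main__":
    for label, table in (("broken", ROUTES_BROKEN), ("fixed", ROUTES_FIXED)):
        print(label, "next hop:", next_hop(table, "10.1.0.20"),
              "bypasses VPN:", bypasses_vpn(table, "10.1.0.20", "192.168.0.254"))
```

In the first table the packet for 10.1.0.20 matches only the default route and goes to 192.168.0.1, so it never reaches the IPsec policy on the VPN server; the more specific route in the second table sends it there.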

