[Openswan Users] traffic only being encrypted one way
Bob Benstro
bbenstro at gmail.com
Fri Mar 16 13:56:33 EDT 2007
>
> On Fri, 16 Mar 2007, Bob Benstro wrote:
>
> >* I have two Linux boxes, connected via openswan. The tunnel starts up
> *>* correctly, routes are visable, and everything seems to be ok.
> *>*
> *>* >From the remote side, I can easily connect to my excruded subnet without
> *>* issue. For example, I have 192.168.0.0/24 excruded, and I can connet to
> *>* .50, .60, .1 without issue. I can initiate TCP connections, there are no
> *>* problems. ICMP works fine too.
> *>*
> *>* However, when I try to initiate a connecton from the local side, I can not
> *>* connect to the remote side's IP. The route is visible via ip route or route
> *>* command, but the traffic simply leaves the routed interface without
> *>* encryption.
> *
> Most often this is due to the vpn server not being the default gateway, and
> the local subnet sending the traffic for the vpn to the default gateway,
> instead of the vpn server.
>
>
I'm not sure what you mean. It seems weird that you've removed from my
quoted material above, the text that provides information showing this isn't
the case.
Anyhow, as I mentioned, the traffic is indeed leaving the correctly routed
interface as it should be. The only problem is that the traffic leaving
that interface is not encrypted. It is, however, leaving the interface it
should be leaving, in order to reach the remote box. My local subnet and
its default route is not in question, as I am performing all tests on the
VPN box itself, so no need to worry there.
I wouldn't be able to say what's wrong in your case without seeing more of
> the network structure.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070316/a4d3f952/attachment.html
More information about the Users
mailing list