[Openswan Users] traffic won't go into the tunnel

Bob Miller bob at computerisms.ca
Wed Oct 31 14:35:02 EDT 2007


Hello:
I have been trying for some time now to solve this issue, and I am
finding it very difficult to figure out how to troubleshoot this.
The essential problem is that I can get a subnet to subnet tunnel
established, but I cannot get any traffic to go through the tunnel.  For
example, once the tunnel is up, if I traceroute to the remote subnet,
the packet goes out to the internet at large.  Both ends are debian
boxes with 2.6.22 kernel and openswan 2.4.8.
I have been reading all over, and from that I am fairly certain I have a
firewall issue or a security association/policy issue.  From what I
understand, whether the packet enters the tunnel is a function of the
security policy/associations, and not the firewall; however, from all
the man pages, articles, how-to's, and how-not-to's I have read, I have
the associations and policies set up correctly.
I even went so far as to try the ipsec-tools method, and ran into the
exact same issue, tunnel comes up and appears to be established, but
nothing routes into it.  
What I am hoping to find is some kind of information (documentation or
explanation) on troubleshooting the security policies/associations,
and/or some more detailed info on how one should be setting up his
iptables.  I know it has to do with the mangle table, but nothing I have
tried so far has worked - which is to be expected if the reason the
packets don't enter the tunnel has nothing to do with iptables.  I
apologize if such an article is in existence, but if it is, it has not
made itself apparent to me, and I would greatly appreciate a pointer to
it.
I can provide any information necessary regarding my setup, but I really
would prefer an understanding instead of a fix.  However, if the best
understanding is going to be achieved from playing with a working
system, then a fix is just as valuable.
Thank you...
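The point made in the message above, that the kernel's security policy selectors rather than iptables decide whether a packet enters the tunnel, can be checked directly against the output of `ip xfrm policy`. The following Python is an added example, not part of the original thread; it assumes the NETKEY stack (where XFRM policies are visible via `ip xfrm policy`), and the dump and addresses it parses are constructed from RFC 5737 documentation ranges.

```python
import ipaddress
import re

# Constructed sample of what `ip xfrm policy` prints for one subnet-to-subnet
# connection (203.0.113.1 and 198.51.100.1 stand in for the two gateways,
# 192.168.1.0/24 and 192.168.2.0/24 for leftsubnet and rightsubnet).
SAMPLE_XFRM_POLICY = """\
src 192.168.1.0/24 dst 192.168.2.0/24
	dir out priority 2344 ptype main
	tmpl src 203.0.113.1 dst 198.51.100.1
		proto esp reqid 16385 mode tunnel
src 192.168.2.0/24 dst 192.168.1.0/24
	dir in priority 2344 ptype main
	tmpl src 198.51.100.1 dst 203.0.113.1
		proto esp reqid 16385 mode tunnel
src 192.168.2.0/24 dst 192.168.1.0/24
	dir fwd priority 2344 ptype main
	tmpl src 198.51.100.1 dst 203.0.113.1
		proto esp reqid 16385 mode tunnel
"""

# One policy entry: "src A/n dst B/m" on one line, "dir out|in|fwd" on the next.
POLICY_RE = re.compile(r"^src (\S+) dst (\S+)\s+dir (\w+)", re.MULTILINE)


def parse_policies(dump):
    """Return (src_net, dst_net, direction) selectors from an ip xfrm policy dump."""
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d), direction)
            for s, d, direction in POLICY_RE.findall(dump)]


def matching_policy(dump, src_ip, dst_ip, direction="out"):
    """Return the selector that captures a packet src_ip -> dst_ip in the given
    direction, or None when no policy matches and the packet goes in the clear."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, d in parse_policies(dump):
        if d == direction and src in src_net and dst in dst_net:
            return (str(src_net), str(dst_net), d)
    return None


if __name__ == "__main__":
    # A packet sourced from inside leftsubnet matches the "out" policy...
    print(matching_policy(SAMPLE_XFRM_POLICY, "192.168.1.10", "192.168.2.20"))
    # ...but one sourced from the gateway's own outside address does not.
    print(matching_policy(SAMPLE_XFRM_POLICY, "203.0.113.1", "192.168.2.20"))
```

The second case reproduces the symptom described above: a traceroute run on the gateway itself is sourced from the outside address unless `-s` pins it to a LAN address, so it falls outside the leftsubnet selector and is routed to the internet untouched by IPsec.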


