[Openswan Users] Openswan+NetScreen - Phase1+Phase2 Ok - No route - Traffic filtered in ISP
Paul Wouters
paul at xelerance.com
Wed Jan 30 13:26:08 EST 2008
On Wed, 30 Jan 2008, Alejandro Alfonso wrote:
> 004 "myconn" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
> {ESP=>0x7d72da83 <0x304bd4a9 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
> >From 192.168.153.1 icmp_seq=2 Packet filtered
>
> As you see... its no using IPSec tunnel, and ISP drop ClassB traffic
It would use it, but after the point where either tcpdump or iptables
can do anything. Drop the filter and check that your tunnel works.
Easiest is to see incoming encrypted and decrypted pings arriving,
because netkey won't allow you to see encrypted outgoing packets.
Paul
More information about the Users
mailing list