[Openswan Users] No packets forwarded in a stablished connection
petermcgill at goco.net
Mon Jun 2 09:58:32 EDT 2008
I can think of several causes.
1) You do not have forwarding enabled in your kernel.
cat /proc/sys/net/ipv4/ip_forward Should show 1
Else add the following to your startup scripts:
echo "1" > /proc/sys/net/ipv4/ip_forward
2) Your blocking traffic with your firewall.
Check that you allow the tunneled IPSec traffic.
iptables -t filter -L -n -v
iptables -t nat -L -n -v
iptables -t mangle -L -n -v
iptables -t raw -L -n -v
3) You didn't include your lan subnet's in the conn.
cat /etc/ipsec.conf (You may hide your key info.)
If you don't see the problem with what I've suggested,
the quickest/easiest way to solve would be to send an
ipsec barf > ipsec_barf.txt attached in reply.
If you send a barf don't bother with the other info,
it's all included in the barf. Barfs include a lot of
significant ipsec and networking information to debug.
FYI, barfs do include your ip addresses, but do not
include your keys, so you may wish to send only to
those requesting rather than the whole list.
The list members may also appreciate not receiving
the large files...
IT Systems Analyst
Gra Ham Energy Limited
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Carles Bonfill
Sent: June 2, 2008 9:12 AM
To: users at openswan.org
Subject: [Openswan Users] No packets forwarded in a stablished connection
i just configured a VPN connection with OpenSwan 2.4.5. My goal is have a gateway where multiple roadwarriors could connect.
My openswan gateway is behind a router doing nat. I have successfully connect a vpn client (Greenbow) bahing another router
doing nat, and the connection is established with apparentetly no errors in logs.
When i try to ping from roadwarrior to any inside host, i got no responses. I tcpdumped ipsec interface, and i see the echo
packet, but i can't see the same echo packed in the ethernet interface connected to the lan. So, i have a problem in the process of
forwarding inside the openswan gateway.
Any idea where is the mistake?
Thanks in advance for any help.
More information about the Users