[Openswan Users] No packets forwarded in an established connection

Carles Bonfill Asperó carles at bonfill.com
Mon Jun 2 10:23:29 EDT 2008

Thanks for your fast answer Peter,

you are right, all that configuration must be set to forward packets. I had
already set it.

I now have my environment working. I missed this line in my configuration:


Now packets are forwarding well. I don't know why yet, I need more reading.

I hope it can help someone else.


2008/6/2 Peter McGill <petermcgill at goco.net>:

> Carles,
> I can think of several causes.
> 1) You do not have forwarding enabled in your kernel.
>        cat /proc/sys/net/ipv4/ip_forward Should show 1
>        Else add the following to your startup scripts:
>        echo "1" > /proc/sys/net/ipv4/ip_forward
> 2) You're blocking traffic with your firewall.
>        Check that you allow the tunneled IPSec traffic.
>        iptables -t filter -L -n -v
>        iptables -t nat -L -n -v
>        iptables -t mangle -L -n -v
>        iptables -t raw -L -n -v
> 3) You didn't include your LAN subnets in the conn.
>        cat /etc/ipsec.conf (You may hide your key info.)
> If you don't see the problem with what I've suggested,
> the quickest/easiest way to solve would be to send an
> ipsec barf > ipsec_barf.txt attached in reply.
> If you send a barf don't bother with the other info,
> it's all included in the barf. Barfs include a lot of
> significant ipsec and networking information to debug.
> FYI, barfs do include your ip addresses, but do not
> include your keys, so you may wish to send only to
> those requesting rather than the whole list.
> The list members may also appreciate not receiving
> the large files...
> Peter McGill
> IT Systems Analyst
> Gra Ham Energy Limited
> ________________________________
>        From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]
> On Behalf Of Carles Bonfill
>        Sent: June 2, 2008 9:12 AM
>        To: users at openswan.org
>        Subject: [Openswan Users] No packets forwarded in an established
> connection
>        Hi all,
>        I just configured a VPN connection with OpenSwan 2.4.5. My goal is
> to have a gateway where multiple roadwarriors could connect.
>        My openswan gateway is behind a router doing NAT. I have
> successfully connected a VPN client (Greenbow) behind another router
> doing NAT, and the connection is established with apparently no errors in
> logs.
>        When I try to ping from the roadwarrior to any inside host, I get no
> responses. I tcpdumped the ipsec interface, and I see the echo
> packet, but I can't see the same echo packet in the ethernet interface
> connected to the LAN. So, I have a problem in the process of
> forwarding inside the openswan gateway.
>        Any idea where the mistake is?
>        Thanks in advance for any help.
>        Carles.
>        Carles

Carles Bonfill Asperó

Enginyer Superior de Telecomunicacions
Núm Col·legiat: 14763
Mòbil: +34 678 90 15 68
Email: carles at bonfill.com
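
Checks 1 and 3 from the checklist quoted above, scripted as an added example that is not part of either poster's message. The function names (`forwarding_enabled`, `conns_without_subnet`, `sample_conf`) and the sample `ipsec.conf` are constructed for illustration; check 2 (the `iptables` listings) needs root on the gateway and is left out.

```shell
#!/bin/sh
# Added example: scripted versions of checks 1 and 3 from the quoted checklist.
# Function names and the sample config are constructed for illustration.

# Check 1: succeed only if the kernel forwarding flag reads "1".
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Check 3: print each conn that sets neither leftsubnet nor rightsubnet.
# Such a conn is host-to-host, so LAN traffic is not covered by the tunnel.
# Limitation: values inherited via "conn %default" or also= are not resolved.
conns_without_subnet() {
    awk '
        function report() {
            if (name != "" && name != "%default" && !seen) print name
        }
        /^[ \t]*#/        { next }                      # skip comments
        /^conn[ \t]+/     { report(); name = $2; seen = 0; next }
        /^config[ \t]+/   { report(); name = ""; next }
        name != "" && /^[ \t]+(left|right)subnets?[ \t]*=/ { seen = 1 }
        END               { report() }
    ' "${1:-/etc/ipsec.conf}"
}

# Constructed sample ipsec.conf (not the poster's configuration).
sample_conf() {
    cat <<'EOF'
config setup
    interfaces=%defaultroute
conn %default
    keyingtries=3
conn roadwarrior-lan
    left=%defaultroute
    leftsubnet=192.168.10.0/24
    right=%any
conn roadwarrior-host
    left=%defaultroute
    # leftsubnet=192.168.10.0/24
    right=%any
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
echo "conns with no subnet: $(conns_without_subnet "$tmp")"
rm -f "$tmp"
```

A conn flagged here is only a candidate for review: a deliberate host-to-host tunnel has no subnet on either side by design.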