[Openswan Users] No packets forwarded in a stablished connection
Carles Bonfill Asperó
carles at bonfill.com
Mon Jun 2 10:23:29 EDT 2008
Thanks for your fast answer Peter,
you are right, all that configuration must be set to forward packets. I had
already set it.
I now have my environment working. I missed this line in my configuration:
leftsubnet=vhost:%no,%priv
Now packets are forwarding well. I don't know why yet, I need more reading.
I hope it can help someone else.
Carles.
2008/6/2 Peter McGill <petermcgill at goco.net>:
> Carles,
>
> I can think of several causes.
> 1) You do not have forwarding enabled in your kernel.
>    cat /proc/sys/net/ipv4/ip_forward    (should show 1)
>    Else add the following to your startup scripts:
>    echo "1" > /proc/sys/net/ipv4/ip_forward
> 2) You're blocking traffic with your firewall.
>    Check that you allow the tunneled IPSec traffic.
>    iptables -t filter -L -n -v
>    iptables -t nat -L -n -v
>    iptables -t mangle -L -n -v
>    iptables -t raw -L -n -v
> 3) You didn't include your LAN subnets in the conn.
>    cat /etc/ipsec.conf    (You may hide your key info.)
>
> If you don't see the problem with what I've suggested,
> the quickest/easiest way to solve would be to send an
> ipsec barf > ipsec_barf.txt attached in reply.
> If you send a barf don't bother with the other info,
> it's all included in the barf. Barfs include a lot of
> significant ipsec and networking information to debug.
> FYI, barfs do include your ip addresses, but do not
> include your keys, so you may wish to send only to
> those requesting rather than the whole list.
> The list members may also appreciate not receiving
> the large files...
>
>
> Peter McGill
> IT Systems Analyst
> Gra Ham Energy Limited
>
>
>
>
> ________________________________
>
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]
> On Behalf Of Carles Bonfill
> Sent: June 2, 2008 9:12 AM
> To: users at openswan.org
> Subject: [Openswan Users] No packets forwarded in a stablished
> connection
>
>
> Hi all,
>
> I just configured a VPN connection with OpenSwan 2.4.5. My goal is to
> have a gateway where multiple roadwarriors could connect.
>
> My openswan gateway is behind a router doing NAT. I have
> successfully connected a VPN client (Greenbow) behind another router
> doing NAT, and the connection is established with apparently no errors in
> the logs.
>
> When I try to ping from the roadwarrior to any inside host, I get no
> responses. I tcpdumped the ipsec interface, and I see the echo
> packet, but I can't see the same echo packet on the ethernet interface
> connected to the LAN. So, I have a problem in the process of
> forwarding inside the openswan gateway.
>
> Any idea where the mistake is?
>
> Thanks in advance for any help.
>
> Carles.
--
Carles Bonfill Asperó
Enginyer Superior de Telecomunicacions
Núm Col·legiat: 14763
Mòbil: +34 678 90 15 68
Email: carles at bonfill.com
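
The three checks from Peter's reply, written as a shell script. This is an added example, not part of the original thread; the conn names and addresses in the sample config are constructed, and values inherited through also= or conn %default are not resolved.

```shell
#!/bin/sh
# Added example (not from the thread). Each check takes its input as an
# argument or on stdin, so it can run on saved copies as well as the live box.

# Check 1: succeeds if the given ip_forward file (default: live /proc) holds 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Check 2: read `iptables -t filter -L -n -v` output on stdin and print the
# FORWARD chain policy (ACCEPT or DROP). With DROP, the tunneled traffic needs
# an explicit allow rule; the rules themselves still have to be read by hand.
forward_policy() {
    sed -n 's/^Chain FORWARD (policy \([A-Z]*\).*/\1/p'
}

# Check 3: print every conn in the given ipsec.conf (default: /etc/ipsec.conf,
# "-" for stdin) that sets neither leftsubnet= nor rightsubnet=.
conns_without_subnet() {
    awk '
        function report() { if (name != "" && name != "%default" && !has) print name }
        /^[ \t]*#/                         { next }
        /^conn[ \t]+/                      { report(); name = $2; has = 0; next }
        /^[^ \t]/                          { report(); name = ""; next }
        /^[ \t]+(left|right)subnet[ \t]*=/ { has = 1 }
        END                                { report() }
    ' "${1:-/etc/ipsec.conf}"
}

# Constructed sample config (hypothetical conn names and addresses).
sample_conf() {
    cat <<'EOF'
version 2.0
config setup
    nat_traversal=yes
conn roadwarrior-net
    left=192.0.2.1
    leftsubnet=10.0.0.0/24
    right=%any
conn roadwarrior-host
    left=192.0.2.1
    right=%any
EOF
}

# Demo on the constructed sample; prints: roadwarrior-host
sample_conf | conns_without_subnet -
```

On a live gateway, run the functions without arguments as root and pipe the iptables listing into forward_policy.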