[Openswan Users] Packets not passing through Tunnel

Khan, Hammad Aslam raohammad at gmail.com
Wed Mar 12 02:11:11 EDT 2008

I have already enabled IP forwarding.
My setup is like this:

my private === my gateway (eth0) >>*><*<< remote gw (cisco vpn 3000) ?.?.?.? ==== remote private

*My Config file*
config setup

conn nattelenor
         authby=secret                   # secret key
         left=             # my external, internet-routable ip address, provided by NAT box
         right=              # my peer's external, internet-routable ip address

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

*My ipsec verify result*

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.9/K2.6.18-1.2798.fc6 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


On Tue, Mar 11, 2008 at 10:56 PM, Peter McGill <petermcgill at goco.net> wrote:

>  Did you add leftsourceip=leftlanip and rightsourceip=rightlanip?
> Without them you can only ping hosts other than the ipsec gateway,
> on the remote lan, and only from hosts on the local lan not the local
> ipsec gateway.
> Show us your ipsec.conf and ipsec verify.
> Peter McGill
>  ------------------------------
> *From:* users-bounces at openswan.org [mailto:users-bounces at openswan.org] *On Behalf Of* Khan, Hammad Aslam
> *Sent:* March 11, 2008 1:45 PM
> *To:* users at openswan.org
> *Subject:* [Openswan Users] Packets not passing through Tunnel
>   Hello everyone,
> My tunnel has been successfully established (both ISAKMP and IPSEC are
> UP);
> but when I try to ping/telnet the remote end's private network PC I don't get
> any response.
> Using *tcpdump -i eth0* (which is my public interface of GW) it shows that
> GW is querying internet for remote-private-nw using ARP. No ESP packets are
> seen...
> I added a route of
> # route add <remote-private-ip> gw <remote-public-ip>
> ...but still, I see the same result?
> Please help.
> Regards,
> Hammad
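
The two [FAILED] lines in the `ipsec verify` output above name the ICMP redirect settings under /proc/sys/net/ipv4/conf/ that NETKEY wants disabled. The following is an added example, not part of the original thread: a POSIX shell check that lists every interface entry where they are still enabled and clears them. The function names and the `CONF_ROOT` override are hypothetical, introduced here so the logic can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit and clear the ICMP redirect settings flagged by `ipsec verify`.
# CONF_ROOT is an assumption of this example; on a live gateway it is the /proc
# path quoted in the verify output. The glob also covers the `all` and `default`
# entries, which sit beside the per-interface ones.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print "<interface> <setting>" for each send_redirects/accept_redirects not set to 0.
redirects_enabled() {
    root="${1:-$CONF_ROOT}"
    for knob in send_redirects accept_redirects; do
        for f in "$root"/*/"$knob"; do
            [ -r "$f" ] || continue          # unmatched glob or unreadable entry
            val=$(cat "$f")
            if [ "$val" != "0" ]; then
                iface=$(basename "$(dirname "$f")")
                echo "$iface $knob"
            fi
        done
    done
}

# Write 0 to every redirect setting; returns 1 on the first failed write.
disable_redirects() {
    root="${1:-$CONF_ROOT}"
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -e "$f" ] || continue
        echo 0 > "$f" || return 1
    done
    return 0
}

# Stand-alone use (as root for "fix"):  sh script.sh check | fix
case "${1:-}" in
    check) redirects_enabled ;;
    fix)   disable_redirects && redirects_enabled ;;
esac
```

Values written under /proc do not survive a reboot; to keep them, set the matching `net.ipv4.conf.*.send_redirects` and `net.ipv4.conf.*.accept_redirects` keys to 0 in /etc/sysctl.conf as well.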