[Openswan Users] What needs to be done to route data across ipsec interface?
Eduan Basson
eduan at multenet.com
Tue Nov 18 09:05:12 EST 2008
Hi List
I need your help with trying to debug my connection between Linux and
Windows.
I can establish an IPsec connection between my Linux 2.4 running
openswan and a Windows 2003 server, but I can't send any data across the
ipsec0/NPF_GenericDialupAdapter interfaces. I think this must be
iptables or routing related.
What is the best practice for routing? Currently I set up a static route
to the IPSEC/VPN server via my unencrypted interface (eth0 or ppp0,
depending on whether I dial-up or not), and then I start openswan. After
successfully completing quick mode 2, openswan automatically replaces
this route with a static route to the IPSEC/VPN server via the encrypted
interface (ipsec0). But my problem is, now I can't send any data to that
server, because nothing will flow over ipsec0. If I manually remove this
route and add one over the unencrypted interface, I can ping my server,
but I can't netcat to port 1701 (for L2TP VPN) - no idea why. Shouldn't
this be possible? And likewise, shouldn't it be possible across the
encrypted interface as well?
All my iptables policies are set to ACCEPT, until I can figure out how
to fix this issue. Is this enough to make sure that iptables isn't
responsible for this blockage?
Any help will be greatly appreciated.
Eduan Basson