[Openswan Users] Destination Host Unreachable.
Igor Widlinski
igor.widlinski at eigendev.com
Thu Sep 25 16:30:48 EDT 2008
Hey guys,
I am having issues with routing. Basically I'm receiving Destination Host
Unreachable from the client when I try to ping networks that are not
specified in leftsubnet, i.e. the external internet (google.ca etc.). The
basic setup of the network is as follows:
10.10.10.0/24===10.1.1.2...10.1.1.3;
Logical Setup:
Internet..InternalNet...Nat...OpenSwanServer...Client
Ips:
Client 10.1.1.3
SwanServer: 10.1.1.2
Nat -> 10.1.1.2 to 10.10.10.120
InternalNet 10.10.10.0/24
Internet ??
Basically I can ping all hosts on 10.10.10.x from the client. So this is
fine. I'd like the client to be able to access the internet
through the OpenSwan server, or any other networks that are connected to our
internal network.
.conf file:
conn net1
    leftsubnet=10.10.10.0/24
    also=base

conn base
    authby=secret
    ike=3des-md5
    esp=3des-md5
    pfs=yes
    left=10.1.1.2
    right=10.1.1.3
    auto=add
iptables -L
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
RULE_0     all  --  anywhere             anywhere            state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
RULE_0     all  --  anywhere             anywhere            state NEW

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
RULE_0     all  --  anywhere             anywhere            state NEW

Chain RULE_0 (3 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level info prefix `RULE 0 -- ACCEPT '
ACCEPT     all  --  anywhere             anywhere
When pinging google.com from client I receive:
From xxx (10.1.1.3) icmp_seq=xxx Destination Host Unreachable
I know I am missing something in the configuration, but I have no idea
what it could be. Any help would be appreciated.
Thanks!
Igor Widlinski