[Openswan Users] ping problem after VPN has been established

Stefan Guenther openswan at in-put.de
Tue Feb 3 18:23:27 EST 2009 

Hello,

with the help from Peter McGill (thanks!) I was finally able to set up 
my PSK VPN.

Now I face the next problem which again drives me crazy.

The Greenbox VPN Client has the "internal" IP 192.168.1.129, I'm using a 
UMTS card to get online and to establish the VPN. So far, so good.

The gateway on the other side has a static ip address (dsl0 on eth0), 
eth1 (192.168.0.2) is the interface on the LAN side.

When I open the DOS-Box on my laptop and enter

ping 192.168.0.2

I get a timeout, but

tcpdump -n -i dsl0 net 192.168.0.0/16

shows

23:32:37.319285 IP 192.168.1.129 > 192.168.0.4: ICMP echo request, id 
1792, seq 1280, length 40
23:32:42.819861 IP 192.168.1.129 > 192.168.0.4: ICMP echo request, id 
1792, seq 1536, length 40

tcpdump -n -i eth1 net 192.168.0.0/16

produces no output.

YES, /proc/sys/net/ipv4/ip_forward contains a "1".
NO, theere is no firewall active. Of course, normally there is an active 
firewall and I allowed forwarding traffic between the two nets.

Here's again the ipsec.conf:

version 2.0
config setup
         interfaces=%defaultroute
         klipsdebug=none
         plutodebug=none
         uniqueids=yes
         forwardcontrol=yes

conn %default
         keyingtries=1
         disablearrivalcheck=yes
         type=tunnel
         pfs=yes
         authby=secret
         left=%defaultroute
         leftsubnet=192.168.0.0/24
         leftid=217.7.231.xx
         right=%any
         auto=add
         rightid=user at firma.de

conn user
         rightsubnet=192.168.1.129/32

And the routing table:

gateway:/proc # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface
192.168.1.129   0.0.0.0         255.255.255.255 UH    0      0        0 dsl0
217.5.98.2      0.0.0.0         255.255.255.255 UH    0      0        0 dsl0
172.172.172.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 dsl0

When I switch on the pluto debugging and then send icmp packets, pluto 
doesn't write any messages into the log file.

What happens to the icmp packets, when they reach dsl0 and why are the 
not forwarded into the LAN??

Thanks for any help or hint.

Stefan

More information about the Users mailing list