[Openswan Users] Tunnel up but packets not forwarded to internal iface. Please help.
Piotr Isajew
p.isajew at telecommedia.pl
Fri Jan 9 10:12:43 EST 2009
On Fri, Jan 09, 2009 at 09:53:51AM -0500, Paul Wouters wrote:
> You should not need to use 'setkey' for ANYTHING when using openswan.
Hi Paul,
that's strange. I noticed that setkey -DP originally showed that only
the "out" policy was defined (as if openswan would define it implicitly):
192.168.3.0/24[any] 192.168.1.0/24[any] any
        out ipsec
        esp/tunnel/62.89.67.100-217.8.185.140/unique#16389
        created: Jan 9 14:41:40 2009 lastused: Jan 9 15:59:54 2009
        lifetime: 0(s) validtime: 0(s)
        spid=1865 seq=3 pid=17005
        refcnt=6
and the result was as I described previously, so outgoing packets from
my network were received at the destination host, reply received on my
external interface but not on internal.
When I defined the "in" policy by hand, setkey -DP showed all of the "in",
"out", and "fwd" policies defined, and the source host started to receive
response packets. Maybe it's something not directly related to
openswan, but rather NETKEY, or some oddities of the distro I use... I
don't know. For me the most important thing is that it works now.
Kind regards,
Piotr
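
Added example, not part of the original post and not Openswan code: a Python check that parses `setkey -DP` output and reports, for each `out` tunnel policy, which reverse-direction `in`/`fwd` policies are absent (the condition described in the message above). The function names and the mirrored `in`/`fwd` sample entries are constructed for illustration.

```python
import re

# Entry header in `setkey -DP` output: "src[port] dst[port] proto"
SELECTOR = re.compile(r"^(\S+)\[\S+\]\s+(\S+)\[\S+\]\s+\S+$")
# Line after the header: direction and policy type, e.g. "out ipsec"
DIRECTION = re.compile(r"^(in|out|fwd)\s+(\S+)")

def parse_spd(dump):
    """Return {(src, dst, direction)} for every ipsec policy in the dump."""
    policies, selector = set(), None
    for line in map(str.strip, dump.splitlines()):
        m = SELECTOR.match(line)
        if m:
            selector = m.groups()
            continue
        m = DIRECTION.match(line)
        if m and selector:
            if m.group(2) == "ipsec":  # ignore non-ipsec policy types such as "none"
                policies.add((*selector, m.group(1)))
            selector = None
    return policies

def missing_return_policies(dump):
    """For each 'out' policy, list the reverse 'in'/'fwd' policies that are absent."""
    policies = parse_spd(dump)
    return [(dst, src, need)
            for src, dst, direction in sorted(policies) if direction == "out"
            for need in ("in", "fwd") if (dst, src, need) not in policies]

# Constructed samples: OUT_ONLY copies the entry quoted in the post; the
# in/fwd entries in COMPLETE are assumed mirror images of it.
OUT_ONLY = """\
192.168.3.0/24[any] 192.168.1.0/24[any] any
\tout ipsec
\tesp/tunnel/62.89.67.100-217.8.185.140/unique#16389
"""
COMPLETE = OUT_ONLY + """\
192.168.1.0/24[any] 192.168.3.0/24[any] any
\tin ipsec
\tesp/tunnel/217.8.185.140-62.89.67.100/unique#16389
192.168.1.0/24[any] 192.168.3.0/24[any] any
\tfwd ipsec
\tesp/tunnel/217.8.185.140-62.89.67.100/unique#16389
"""

if __name__ == "__main__":
    for name, dump in (("out only", OUT_ONLY), ("complete", COMPLETE)):
        print(name, "->", missing_return_policies(dump) or "in/out/fwd all present")
```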