[Openswan Users] Tunnel up but packets not forwarded to internal iface. Please help.

Piotr Isajew p.isajew at telecommedia.pl
Fri Jan 9 10:12:43 EST 2009

On Fri, Jan 09, 2009 at 09:53:51AM -0500, Paul Wouters wrote:
> You should not need to use 'setkey' for ANYTHING when using openswan.

Hi Paul,

that's strange. I noticed that setkey -DP originally showed that only
"out" policy was defined (as if openswan would define it implicitly):

[any][any] any
        out ipsec
        created: Jan  9 14:41:40 2009  lastused: Jan  9 15:59:54 2009
        lifetime: 0(s) validtime: 0(s)
        spid=1865 seq=3 pid=17005

and the result was as I described previously, so outgoing packets from
my network were received at the destination host, reply received on my
external interface but not on internal. 

When I defined "in" policy by hand, setkey -DP showed all of "in",
"out", and "fwd" policies defined, and source host started to receive
response packets. Maybe it's something not directly related to
openswan, but rather NETKEY, or some oddities of the distro I use... I
don't know. For me the most important thing is that it works now.

Kind regards,


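The condition described in this message (an "out" policy with no matching "in" and "fwd" entries in the NETKEY policy database) can be checked mechanically. The script below is an added example, not part of the original post or of Openswan; the function names check_spd and sample_spd and the sample policies are constructed for illustration, and it assumes the usual setkey -DP layout of a selector line followed by an indented direction line.

```shell
#!/bin/sh
# Added example. Reads `setkey -DP` text on stdin and, for every "out ipsec"
# policy, checks that mirrored "in" and "fwd" policies exist.
# Prints one line per missing policy; exit status 1 if any is missing.
check_spd() {
    awk '
        # Selector line starts in column 0: "src[port] dst[port] proto"
        /^[^ \t]/ { src = $1; dst = $2; have_sel = 1; next }
        # First indented line after it: "<dir> [prio ...] <policy type>"
        have_sel && $1 ~ /^(in|out|fwd)$/ {
            have_sel = 0
            if ($NF != "ipsec") next          # skip none/discard policies
            seen[$1 SUBSEP src SUBSEP dst] = 1
            if ($1 == "out") { n++; osrc[n] = src; odst[n] = dst }
        }
        END {
            split("in fwd", want, " ")
            for (i = 1; i <= n; i++)
                for (j = 1; j <= 2; j++) {
                    # Inbound selectors are the outbound one reversed
                    key = want[j] SUBSEP odst[i] SUBSEP osrc[i]
                    if (!(key in seen)) {
                        printf "missing %s policy: %s -> %s\n", want[j], odst[i], osrc[i]
                        bad = 1
                    }
                }
            exit bad + 0
        }
    '
}

# Constructed sample (documentation address ranges): the first tunnel has only
# an "out" policy, the second has all three.
sample_spd() {
cat <<'EOF'
192.0.2.0/24[any] 198.51.100.0/24[any] any
        out ipsec
        spid=1865 seq=3 pid=17005
192.0.2.0/24[any] 203.0.113.0/24[any] any
        out ipsec
        spid=1881 seq=2 pid=17005
203.0.113.0/24[any] 192.0.2.0/24[any] any
        in ipsec
        spid=1888 seq=1 pid=17005
203.0.113.0/24[any] 192.0.2.0/24[any] any
        fwd ipsec
        spid=1898 seq=0 pid=17005
EOF
}

sample_spd | check_spd || echo "SPD incomplete"
```

On a gateway the same function takes live input as `setkey -DP | check_spd`.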