[Openswan Users] Problems with IP routing ctd..
Paul Wouters
paul at xelerance.com
Tue Sep 22 13:27:05 EDT 2009
On Mon, 21 Sep 2009, Randy Wyatt wrote:
> We are able to access the left subnet from the right but not vice versa.
>
> I believe everything except the hostname has been corrected from the previous thread.
>
> We still have not had any success.
>
>
> The barf output is located at http://www.rwwyatt.com/barf.out
I see from it:
Chain POSTROUTING (policy ACCEPT 4 packets, 531 bytes)
pkts bytes target prot opt in out source destination
49 3324 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * ppp0 192.168.1.0/24 !10.0.1.0/24
Note that the lower two MASQUERADE rules will never hit. So the exception for packets
going to 10.0.1.0/24 is never used. Note how it says 0 bytes have hit that rule,
yet 3324 bytes have hit the MASQUERADE rule that breaks IPsec tunnels.
However, you are not hitting that problem yet according to your logs:
Sep 21 15:19:37 (none) authpriv.warn pluto[1665]: "att-to-home" #2: STATE_MAIN_I2: sent MI2, expecting MR2
That's the last message of your client. It means the responder on the
other end silently dropped your last packet. It will likely log why it
did so. So check the logs on the other end.
Paul
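
Added example, not part of the original message or of Openswan: a small checker that reads a listing in `iptables -t nat -L -v -n` layout and reports rules that can never match because an earlier catch-all rule already takes every packet they describe, which is the situation in the POSTROUTING chain quoted above. The sample listing is constructed from those three rules, the function names are hypothetical, and the comparison is deliberately conservative (it gives up on negated matches and extra match options in the earlier rule).

```python
import ipaddress

# Constructed `iptables -t nat -L POSTROUTING -v -n` listing, modelled on the quoted rules.
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 4 packets, 531 bytes)
 pkts bytes target     prot opt in  out   source          destination
   49  3324 MASQUERADE all  --  *   ppp0  0.0.0.0/0       0.0.0.0/0
    0     0 MASQUERADE all  --  *   ppp0  0.0.0.0/0       0.0.0.0/0
    0     0 MASQUERADE all  --  *   ppp0  192.168.1.0/24  !10.0.1.0/24
"""
TERMINATING = {"MASQUERADE", "SNAT", "DNAT", "ACCEPT", "DROP", "REJECT"}  # end traversal

def parse_addr(field):
    return field.startswith("!"), ipaddress.ip_network(field.lstrip("!"))

def parse_rules(listing):
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # chain header, column header, or blank line
        rules.append({"target": f[2], "prot": f[3], "in": f[5], "out": f[6],
                      "src": parse_addr(f[7]), "dst": parse_addr(f[8]), "extra": f[9:]})
    return rules

def addr_covers(early, late):
    (e_neg, e_net), (l_neg, l_net) = early, late
    if e_neg:
        return False                  # conservative: no reasoning about an earlier "!net"
    if l_neg:
        return e_net.prefixlen == 0   # only "any" contains "everything except net"
    return l_net.subnet_of(e_net)

def covers(early, late):
    # True if every packet that could match `late` already matches `early`.
    return (early["target"] in TERMINATING and not early["extra"]
            and early["prot"] in ("all", late["prot"])
            and all(early[k] in ("*", late[k]) for k in ("in", "out"))
            and addr_covers(early["src"], late["src"])
            and addr_covers(early["dst"], late["dst"]))

def shadowed_rules(rules):
    # Returns (rule_no, first_earlier_rule_that_shadows_it) pairs, both 1-based.
    out = []
    for i, late in enumerate(rules):
        hit = next((j for j in range(i) if covers(rules[j], late)), None)
        if hit is not None:
            out.append((i + 1, hit + 1))
    return out
```

On the sample, `shadowed_rules(parse_rules(SAMPLE))` reports rules 2 and 3 as shadowed by rule 1, matching the zero packet counters on those two rules.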