[Openswan Users] Gateways cannot access opposite networks - Openswan NETKEY

Ryan Davies ryan at professional.geek.nz
Fri Aug 6 03:08:36 EDT 2010

  Hi All,

Myself and my partner's father has set up a VPN so we can access each 
others internal networks.

Our topology is as following: (Example)

    Client A          ->        Server A <->             Server B <- 
          Client B                            
eth0: External IP
eth1: Internal IP

Client A can ping and access Server B and Client B
Client B can ping and access Server A and Client A

Server A cannot ping or access Server B and Client B
Server B cannot ping or access Server A and Client A

Firewall on Server A is set to full allow Server B's public IP
Firewall on Server B is set to full allow Server A's public IP

We are using NETKEY with PSK

Here is my ipsec (With public IP's Removed):
# /etc/ipsec.conf - Openswan IPsec configuration file

version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup

conn Tunnel-to-Millers
     type = tunnel
     left=a.b.c.d (Server A's Public IP)
     right=w.x.y.z (Server B's Pubic IP)

Im not sure if its routing or masquerading or what, when running a 
traceroute to from Server A, the requests go out through 
Server A's public IP
root at Nelson:~# ping
PING ( 56(84) bytes of data.
--- ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5039ms

If I ping forcing interface eth1 (Internal), they go through
root at Nelson:~# ping -Ieth1
PING ( from eth1: 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=34.2 ms
64 bytes from icmp_seq=2 ttl=63 time=18.7 ms
64 bytes from icmp_seq=3 ttl=63 time=16.7 ms
64 bytes from icmp_seq=4 ttl=63 time=20.0 ms
--- ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 16.716/22.457/34.252/6.916 ms

Server A runs a DNS server which needs to pass requests for one of our 
domains to a DNS server on the network.

Any help would be appreciated

Ryan Davies

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100806/893a0426/attachment-0001.html 

More information about the Users mailing list