[Openswan Users] UPDATE: Tunnel up, can ping, cannot connect!! :S
Willie Gillespie
wgillespie+openswan at es2eng.com
Thu Dec 2 16:00:46 EST 2010
Ing. Rodrigo Méndez wrote:
> I disabled iptables on my server xxx.xxx.xxx.1 and the connection is
> ESTABLISHED. This means iptables is stopping the SYN|ACK packages from
> zzz.zzz.zzz.3 somehow.
>
> These are the iptables rules I'm applying:
>
> iptables -I OUTPUT -p udp --dport 500 -j ACCEPT
> iptables -I INPUT -p udp --dport 500 -j ACCEPT
> iptables -I INPUT -p udp --dport 4500 -j ACCEPT
> iptables -I OUTPUT -p udp --dport 4500 -j ACCEPT
> iptables -I INPUT -p 50 -j ACCEPT
> iptables -I OUTPUT -p 50 -j ACCEPT

Take a look at these types of rules:
-A INPUT -m policy --pol ipsec --dir in -j ACCEPT
-A OUTPUT -m policy --pol ipsec --dir out -j ACCEPT
(or -A FORWARD if your computer is routing packets elsewhere)
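Added example, not part of either poster's message: a small heuristic check over `iptables-save` output that flags chains which accept ESP but carry no `-m policy --pol ipsec` rule for the decrypted traffic, which is the gap the reply points at. It assumes the NETKEY stack (where the policy match applies) and a default DROP policy; the rulesets and the names `BEFORE`, `AFTER`, `parse`, `opt` and `audit` are constructed for illustration.

```python
import shlex

# Constructed iptables-save sample: the ACCEPT rules quoted in the thread,
# on a host assumed to have DROP as the default INPUT/OUTPUT policy.
BEFORE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p udp -m udp --dport 4500 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 500 -j ACCEPT
COMMIT
"""
# The same ruleset with the policy-match rules from the reply added.
AFTER = BEFORE.replace("COMMIT", "-A INPUT -m policy --dir in --pol ipsec -j ACCEPT\n"
                       "-A OUTPUT -m policy --dir out --pol ipsec -j ACCEPT\nCOMMIT")

def parse(ruleset):
    """Return (default policy per chain, rule token lists per chain)."""
    policies, rules = {}, {}
    for line in ruleset.splitlines():
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            rules.setdefault(tokens[1], []).append(tokens[2:])
    return policies, rules

def opt(rule, flag):
    """Value that follows an option flag in a rule, or None if absent."""
    i = rule.index(flag) if flag in rule else -1
    return rule[i + 1] if 0 <= i < len(rule) - 1 else None

def audit(ruleset):
    """Flag chains that accept ESP but have no rule for the decrypted traffic."""
    policies, rules = parse(ruleset)
    findings = []
    for chain, direction in (("INPUT", "in"), ("OUTPUT", "out")):
        accepts = [r for r in rules.get(chain, []) if opt(r, "-j") == "ACCEPT"]
        esp = any(opt(r, "-p") in ("esp", "50") for r in accepts)
        pol = any(opt(r, "--pol") == "ipsec" and opt(r, "--dir") == direction for r in accepts)
        if esp and not pol and policies.get(chain) != "ACCEPT":
            findings.append(chain)
    return findings

if __name__ == "__main__":
    print("before:", audit(BEFORE), "after:", audit(AFTER))
```

A chain that is not flagged may still drop tunnel traffic through an earlier explicit DROP or REJECT rule; the check only looks for the missing policy-match ACCEPT.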