[Openswan Users] UPDATE: Tunnel up, can ping, cannot connect!! :S

Willie Gillespie wgillespie+openswan at es2eng.com
Thu Dec 2 16:00:46 EST 2010

Ing. Rodrigo Méndez wrote:
> I disabled iptables on my server xxx.xxx.xxx.1 and the connection is 
> ESTABLISHED. This means iptables is stopping the SYN|ACK packages from 
> zzz.zzz.zzz.3 somehow.
> This are the iptables rules I'm applying:
> iptables -I OUTPUT -p udp --dport 500 -j ACCEPT
> iptables -I INPUT -p udp --dport 500 -j ACCEPT
> iptables -I INPUT -p udp --dport 4500 -j ACCEPT
> iptables -I OUTPUT -p udp --dport 4500 -j ACCEPT
> iptables -I INPUT -p 50 -j ACCEPT
> iptables -I OUTPUT -p 50 -j ACCEPT

Take a look at these types of rules:
-A INPUT -m policy --pol ipsec --dir in -j ACCEPT
-A OUTPUT -m policy --pol ipsec --dir out -j ACCEPT
(or -A FORWARD if your computer is routing packets elsewhere)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6456 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20101202/057c24c0/attachment.bin 

More information about the Users mailing list