[Openswan Users] OpenSwan won't Encapsulate my Packets (was: Roadwarrior setup only works from Server to Client)

Markus Ewald cygon at nuclex.org
Wed Dec 8 18:43:51 EST 2010


I think I've gotten a bit further with my problem. My setup is this 
(a.b.c.d is the static IP of the remote IPsec server):

     192.168.124.0/24===91.34.62.24[@my_id]...a.b.c.d[@their_id]===192.168.248.0/24

Connection comes up fine. Remote side can ping me and access local 
services, but I cannot reach the other end.

If I do "tcpdump -i ppp0 -n -p udp port 500 or udp port 4500 or ah or 
esp" and ping the other side, no output is generated.
If I do "tcpdump -i ppp0 -p icmp" however, I see the packets being sent, 
unencapsulated, to my ISP.

Why is OpenSwan not picking up my packets? My tunnel connection is 
configured as this:

     conn nwsi
             left=%defaultroute
             leftid=@my_id
             leftsubnet=192.168.124.0/24
             right=a.b.c.d
             rightid=@their_id
             rightsubnet=192.168.248.0/24
             rightnexthop=%direct

If I ping 192.168.248.1 from 192.168.124.1, this should be a match for 
the tunnel I configured, no?

-Markus-


