[Openswan Users] OpenSwan won't Encapsulate my Packets (was: Roadwarrior setup only works from Server to Client)

Paul Wouters paul at xelerance.com
Wed Dec 8 19:14:54 EST 2010


On Thu, 9 Dec 2010, Markus Ewald wrote:

> Connection comes up fine. Remote side can ping me and access local
> services, but I cannot reach the other end.

Usually a NAT or firewall issue

> If I do "tcpdump -i ppp0 -n -p udp port 500 or udp port 4500 or ah or
> esp" and ping the other side, no output is generated.
> If I do "tcpdump -i ppp0 -p icmp" however, I see the packets being sent,
> unencapsulated, to my ISP.

If using NETKEY, your tcpdump will not be able to see outgoing encrypted
packets.

Paul


More information about the Users mailing list