[Openswan Users] OpenSwan won't Encapsulate my Packets

Paul Wouters paul at xelerance.com
Wed Dec 8 20:51:37 EST 2010

On Thu, 9 Dec 2010, Markus Ewald wrote:

>>> Connection comes up fine. Remote side can ping me and access local
>>> services, but I cannot reach the other end.
>> Usually a NAT or firewall issue
> How can I debug this?

By temporarilly disabling it?

> - On the OpenSwan system, ppp0 has the public IP, there's no external 
> broadband router involved
> - My iptables is configured to let *everything* out.
> - My NAT rule: iptables -A POSTROUTING -t nat -o ppp0 ! -d 

>> If using NETKEY, your tcpdump will not be able to see outgoing encrypted
>> packets.
> How can I find out? I grepped my kernel .config, but neither klips or netkey 
> appear in it.

ipsec --version (when openswan is running)

> Still, if the second tcpdump command prints the packet, that means they're 
> not being picked up by OpenSwan or am I mistaken here?

second tcpdump? With netkey you dont see the outgoing encrypted packets.


More information about the Users mailing list