[Openswan Users] OpenSwan won't Encapsulate my Packets
Paul Wouters
paul at xelerance.com
Wed Dec 8 20:51:37 EST 2010
On Thu, 9 Dec 2010, Markus Ewald wrote:
>>> Connection comes up fine. Remote side can ping me and access local
>>> services, but I cannot reach the other end.
>>
>> Usually a NAT or firewall issue
>
> How can I debug this?
By temporarily disabling it?
> - On the OpenSwan system, ppp0 has the public IP, there's no external
> broadband router involved
> - My iptables is configured to let *everything* out.
> - My NAT rule: iptables -A POSTROUTING -t nat -o ppp0 ! -d 192.168.248.0/24
> -j MASQUERADE
>> If using NETKEY, your tcpdump will not be able to see outgoing encrypted
>> packets.
>>
> How can I find out? I grepped my kernel .config, but neither klips nor netkey
> appear in it.
ipsec --version (when openswan is running)
> Still, if the second tcpdump command prints the packet, that means they're
> not being picked up by OpenSwan or am I mistaken here?
second tcpdump? With netkey you don't see the outgoing encrypted packets.
Paul
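
Added example, not part of the original thread: a shell check for the NAT side of the problem discussed above, confirming that no MASQUERADE/SNAT rule rewrites traffic bound for the remote IPsec subnet. The function name `nat_exempt_check` and the sample rules are constructed for illustration; input is assumed to be in `iptables -t nat -S POSTROUTING` format.

```shell
#!/bin/sh
# Added example (not from the thread). nat_exempt_check is a hypothetical helper.
# Reads rules in `iptables -t nat -S POSTROUTING` format on stdin and reports any
# MASQUERADE/SNAT rule that would also rewrite traffic bound for the remote
# IPsec subnet. Returns 0 if tunnel traffic is exempt, 1 otherwise.
# Assumption: subnets are compared as literal strings, with no CIDR overlap math.
# Live use: iptables -t nat -S POSTROUTING | nat_exempt_check 192.168.248.0/24
nat_exempt_check() {
    awk -v remote="$1" '
    $1 == "-A" && $2 == "POSTROUTING" {
        target = ""; dst = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-d") {
                # Accept both negation spellings: "! -d NET" and older "-d ! NET".
                if ($(i - 1) == "!")      { neg = 1; dst = $(i + 1) }
                else if ($(i + 1) == "!") { neg = 1; dst = $(i + 2) }
                else                      { dst = $(i + 1) }
            }
        }
        # An earlier ACCEPT/RETURN for the remote subnet stops NAT processing for it.
        if ((target == "ACCEPT" || target == "RETURN") && dst == remote && !neg) exit
        if (target == "MASQUERADE" || target == "SNAT") {
            if (neg && dst == remote) next                # rule skips tunnel traffic
            if (!neg && dst != "" && dst != remote) next  # rule targets another destination
            print "NAT also applies to " remote ": " $0
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample 1: the rule quoted in the thread (exclusion present).
printf '%s\n' '-A POSTROUTING ! -d 192.168.248.0/24 -o ppp0 -j MASQUERADE' |
    nat_exempt_check 192.168.248.0/24 && echo "ok: tunnel traffic is exempt from NAT"

# Constructed sample 2: the same rule without the exclusion.
printf '%s\n' '-A POSTROUTING -o ppp0 -j MASQUERADE' |
    nat_exempt_check 192.168.248.0/24 || echo "fix: exclude the remote subnet from NAT"
```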