[Openswan Users] forwarding/routing after decryption

Jeff Jensen jjensen at unyalli.com
Tue Jan 19 18:30:21 EST 2010

Hello List,

    I have a tunnel receiving traffic but not routing/forwarding it. The
tunnel has a Linksys BEFSX41 at the distant end sitting right on the
internet. There is no NAT involved. The OpenSWAN server sits directly on the
internet as well. There is an XP host behind the Linksys and behind the

TCPDUMP shows the ESP packet arrive on the OpenSWAN server's external
interface. The next line shows the unencrypted UDP 137 from the host behind
the Linksys destined for a host on my server's internally connected network.

XP Host ----- Linksys --- internet --- OpenSWAN --- XP Host.

rp_filter is off, forwarding is on.

Been searching the archives and reading and everything. Can't figure out why
the OpenSWAN box won't route. ip xfrm policy looks correct. I have much
experience setting up netfilter with iptables. Where could I look? Any other
tools besides tcpdump and netfilter logging?

Thanks for any help.
