[Openswan Users] forwarding/routing after decryption

Paul Wouters paul at xelerance.com
Wed Jan 20 10:40:38 EST 2010


On Tue, 19 Jan 2010, Jeff Jensen wrote:

> I have a tunnel receiving traffic but not routing/forwarding it. The tunnel has a Linksys
> BEFSX41 at the distant end sitting right on the internet. There is no NAT involved. The OpenSWAN
> server sits directly on the internet as well. There is an XP host behind the Linksys and behind
> the server.
> 
> TCPDUMP shows the ESP packet arrive on the OpenSWAN server's external interface. The next line
> shows the unencrypted UDP 137 from the host behind the Linksys destined for a host on my server's
> internally connected network.
> 
> XP Host ----- Linksys --- internet --- OpenSWAN --- XP Host.
> 
> rp_filter is off, forwarding is on.
> 
> Been searching the archives and reading and everything. Can't figure out why the OpenSWAN box
> won't route. ip xfrm policy looks correct. I have much experience setting up netfilter with
> iptables. Where could I look? Any other tools besides tcpdump and netfilter logging?

Check "ipsec verify". If nothing obvious is found, post "ipsec barf" somewhere and give us the
URL to it.

Paul

