[Openswan Users] Old user having troubles with new techniques

Willie Gillespie wgillespie+openswan at es2eng.com
Mon Jun 28 14:44:30 EDT 2010

Larry Brown wrote:
> So I am able to create the tunnel from the roadwarrior successfully.  I
> send out a ping from the roadwarrior to the server with no
> response. Sniffing traffic on the roadwarrior gateway I can see the
> packets source destination as ESP packets.  On
> the Office gateway I can see the ESP packets from
> arriving.  Immediately after those packets I see the ICMP packet from
> destination on eth0 (external interface).  I do
> not see a packet on eth1 of that gateway bound for  There is
> no firewall enabled.

Sounds like your IPsec tunnel is working properly.  Are you sure there 
is no firewall on your office gateway (

/proc/sys/net/ipv4/ip_forward needs to be 1, which I'm sure it is if 
it's acting as a NAT.  Is there an iptables rule which is allowing 
packets from to get through to

Perhaps something like this?
-A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT

If you truly don't have a firewall on your gateway, then I'm not exactly 
sure what's going on.
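As an added diagnostic example (not part of the thread, and not Openswan's own tooling), the shell function below checks the two things Willie asks about: that ip_forward is 1 and that the FORWARD chain carries the policy-match rules for decrypted IPsec traffic between eth0 and eth1. The interface names follow the thread; the iptables-save dumps are constructed samples, and the exact rule strings are the ones quoted above. The `-m policy --pol ipsec` match matters from a defensive standpoint: it accepts only packets that actually traversed an IPsec SA, rather than anything arriving on the external interface with an internal source address.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread): given the ip_forward value and
# an iptables-save dump, report whether the gateway can forward decrypted IPsec
# traffic between the external (eth0) and internal (eth1) interfaces.

# Usage: check_ipsec_forward <ip_forward value> <iptables-save text>
# Returns 0 when ip_forward is 1 and both FORWARD policy-match rules are present.
check_ipsec_forward() {
    fwd="$1"
    rules="$2"
    status=0

    if [ "$fwd" != "1" ]; then
        echo "ip_forward is '$fwd' (needs to be 1 for the gateway to forward)"
        status=1
    fi

    # Inbound: packets that arrived as ESP on eth0 and were decrypted, heading to the LAN on eth1.
    if ! printf '%s\n' "$rules" | grep -qF -- \
        '-A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT'; then
        echo "missing FORWARD rule for decrypted IPsec traffic eth0 -> eth1"
        status=1
    fi

    # Outbound: LAN replies on eth1 that will be encrypted before leaving eth0.
    if ! printf '%s\n' "$rules" | grep -qF -- \
        '-A FORWARD -i eth1 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT'; then
        echo "missing FORWARD rule for to-be-encrypted traffic eth1 -> eth0"
        status=1
    fi

    return $status
}

# Constructed sample: a gateway whose FORWARD chain drops by default but
# carries both policy-match rules.
SAMPLE_OK='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
COMMIT'

# Constructed sample: the inbound rule is missing, which matches the symptom in
# the thread (ESP arrives on eth0, nothing leaves on eth1).
SAMPLE_MISSING='*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
COMMIT'

# On a live gateway the call would be:
#   check_ipsec_forward "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"
```

The match is string-exact against the quoted rules, so a gateway that expresses the same policy with different rule ordering or extra matches (for example a `-s`/`-d` subnet restriction) will be reported as missing; treat the output as a prompt to read the FORWARD chain, not as a verdict.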
