[Openswan Users] Old user having troubles with new techniques
Bob Miller
bob at computerisms.ca
Mon Jun 28 22:37:24 EDT 2010
On Mon, 2010-06-28 at 15:19 -0400, Larry Brown wrote:
> > Sounds like your IPsec tunnel is working properly. Are you sure there
> > is no firewall on your office gateway (10.45.212.71)?
> >
>
> iptables -L
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere Policy match dir in pol ipsec
> ACCEPT all -- anywhere anywhere Policy match dir out pol ipsec
>
I used the policy match once, and it worked great. The next time I
whacked my head off the keyboard about a million times trying to get it
working again, but it never did. In the end, I tried marking my packets
instead of matching policy, and all was good, and that has been my
method for quite some time now. I don't have access to something I can
paste for you, but there are a few examples available from this mailing
list; I believe Peter McGill wrote the one I followed (can't find that
one now, but it was similar to this:
http://readlist.com/lists/openswan.org/users/0/4115.html).
Bob Miller
334-7117/660-5315
http://computerisms.ca
bob at computerisms.ca
Network, Internet, Server,
and Open Source Solutions
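
The packet-marking approach described in the message above, as an added example; it is not Bob Miller's or Peter McGill's ruleset and not code from the Openswan project. It assumes the NETKEY stack keeps the packet mark across ESP decapsulation; the function name, the `IPT` override and the subnets in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: mark encrypted packets on arrival, then accept the decrypted
# packets in FORWARD by that mark instead of using "-m policy --pol ipsec".
# IPT may be pointed at another command to inspect the rules without
# touching the live firewall.
IPT="${IPT:-iptables}"

# apply_mark_rules MARK LOCAL_NET REMOTE_NET
#   MARK        non-zero integer used as the packet mark
#   LOCAL_NET   subnet behind this gateway   (constructed: 192.168.1.0/24)
#   REMOTE_NET  subnet behind the peer       (constructed: 192.168.2.0/24)
apply_mark_rules() {
    mark="$1"; local_net="$2"; remote_net="$3"

    # Reject empty or non-numeric marks.
    case "$mark" in
        ''|*[!0-9]*) echo "mark must be a positive integer" >&2; return 1 ;;
    esac
    # Mark 0 means "unmarked": matching it would accept all ordinary traffic.
    [ "$mark" -gt 0 ] || { echo "mark must not be 0" >&2; return 1; }
    if [ -z "$local_net" ] || [ -z "$remote_net" ]; then
        echo "usage: apply_mark_rules MARK LOCAL_NET REMOTE_NET" >&2
        return 1
    fi

    # 1. Mark packets while they are still encrypted: plain ESP, and
    #    UDP 4500 for NAT-T encapsulated ESP.
    $IPT -t mangle -A PREROUTING -p esp -j MARK --set-mark "$mark" || return 1
    $IPT -t mangle -A PREROUTING -p udp --dport 4500 -j MARK --set-mark "$mark" || return 1

    # 2. Inbound: only packets that arrived encrypted carry the mark, so a
    #    cleartext packet spoofing the remote subnet does not match.
    $IPT -A FORWARD -s "$remote_net" -d "$local_net" -m mark --mark "$mark" -j ACCEPT || return 1

    # 3. Outbound: traffic headed for the tunnel is not yet encrypted in
    #    FORWARD, so it is matched by subnet rather than by mark.
    $IPT -A FORWARD -s "$local_net" -d "$remote_net" -j ACCEPT || return 1
}

# Usage (as root): apply_mark_rules 1 192.168.1.0/24 192.168.2.0/24
```

The rules are appended, so they only take effect ahead of any later DROP or REJECT in FORWARD; with a FORWARD policy of ACCEPT, as in the quoted listing, they change nothing.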