[Openswan Users] Old user having troubles with new techniques

Larry Brown larry.brown at dimensionnetworks.com
Tue Jun 29 14:28:16 EDT 2010


OK so again with the network layout:

[RW-192.168.2.1] <---- [192.168.1.1 eth1  10.45.212.101 eth0] ---->
[OGW-10.45.212.71 eth0 172.16.0.1 eth1] <______> [172.16.0.4]

So RW's packets destined for 172.16.0.4 reach OGW as ESP packets, then
show up on eth0 as ICMP source 192.168.2.1 and destination 172.16.0.4.
They do not show up on OGW's eth1 interface so they are not being routed
into the private network.

As a test I logged onto the NAT server the RW is behind and put a static
route "ip route add 172.16.0.0/24 via 10.45.212.71 dev eth0".

I then, on OGW, put the iptables rules in to allow packets from eth0 to
forward to eth1 and vice versa and confirmed
that /proc/sys/net/ipv4/ip_forward was set to 1.  I could then ping
172.16.0.4 from 10.45.212.101.  I then went back and restarted the ipsec
service and brought the tunnel back up.  I get the same dead packets on
the floor on OGW when going through the tunnel!
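The following is an added example, not code from the original post, covering the three things the post says were touched on OGW (ip_forward, the FORWARD rules, and the static route) plus one check the post does not mention: reverse-path filtering, which silently drops decrypted packets whose source (here 192.168.2.1) has no route pointing back out the interface they arrived on. The FORWARD rules use the iptables policy match so that only traffic that actually came through IPsec is forwarded between eth0 and eth1, rather than opening plain eth0-to-eth1 forwarding as the test described above does. Interface names, subnets and the gateway address are assumptions taken from the diagram; adjust them for your own hosts.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the
# forwarding path on OGW. Names below are assumptions from the diagram.
OUTER_IF=eth0             # public side: ESP arrives and is decrypted here
INNER_IF=eth1             # private side, 172.16.0.0/24
RW_NET=192.168.2.0/24     # roadwarrior LAN behind the NAT box
PRIV_NET=172.16.0.0/24    # OGW's private network
OGW_PUBLIC=10.45.212.71   # OGW's eth0 address, next hop for the test route

# Return 0 if the given sysctl proc file (default: ip_forward) reads "1".
check_ip_forward() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Return 0 if reverse-path filtering in the given proc file is off (0) or
# loose (2). Strict mode (1) drops decrypted packets from RW_NET because
# no route for that source points back at $OUTER_IF.
check_rp_filter() {
    f=${1:-/proc/sys/net/ipv4/conf/$OUTER_IF/rp_filter}
    [ -r "$f" ] || return 0        # file absent: nothing to check
    v=$(cat "$f")
    [ "$v" = "0" ] || [ "$v" = "2" ]
}

# Print the two FORWARD rules for decrypted traffic, one per direction.
# "-m policy --pol ipsec" limits the rules to packets that were actually
# protected by IPsec, so the public side cannot reach PRIV_NET in the clear.
forward_rules() {
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -m policy --dir in --pol ipsec -j ACCEPT\n' \
        "$OUTER_IF" "$INNER_IF" "$RW_NET" "$PRIV_NET"
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -m policy --dir out --pol ipsec -j ACCEPT\n' \
        "$INNER_IF" "$OUTER_IF" "$PRIV_NET" "$RW_NET"
}

# Print the route the NAT-side box needs for the clear-text test, in the
# same form "ip route show" prints it, for comparison.
expected_route() {
    printf '%s via %s dev %s\n' "$PRIV_NET" "$OGW_PUBLIC" "$OUTER_IF"
}

# Live checks run only as "sh this.sh check", so the file can be sourced
# harmlessly on a host that is not the gateway.
if [ "${1:-}" = check ]; then
    if check_ip_forward; then echo "ip_forward: ok"
    else echo "ip_forward: OFF (echo 1 > /proc/sys/net/ipv4/ip_forward)"; fi
    if check_rp_filter; then echo "rp_filter on $OUTER_IF: ok"
    else echo "rp_filter on $OUTER_IF: strict, decrypted packets may be dropped"; fi
    echo "FORWARD rules expected:"; forward_rules
    echo "NAT-side route expected (ip route show):"; expected_route
fi
```

Run it as `sh ogw-check.sh check` on OGW; the rule lines it prints are meant to be applied with a default FORWARD policy of DROP, and `iptables -L FORWARD -v -n` afterwards should show the counters on the first rule increasing while the roadwarrior pings 172.16.0.4.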