[Openswan Users] Old user having troubles with new techniques

Willie Gillespie wgillespie+openswan at es2eng.com
Tue Jun 29 16:47:37 EDT 2010


Larry Brown wrote:
> OK so again with the network layout:
> 
> [RW-192.168.2.1] <---- [192.168.1.1 eth1  10.45.212.101 eth0] ---->
> [OGW-10.45.212.71 eth0 172.16.0.1 eth1] <______> [172.16.0.4]
> 
> So RW's packets destined for 172.16.0.4 reach OGW as ESP packets, then
> show up on eth0 as ICMP source 192.168.2.1 and destination 172.16.0.4.
> They do not show up on OGW's eth1 interface so they are not being routed
> into the private network.
> 
> As a test I logged onto the NAT server the RW is behind and put a static
> route "ip route add 172.16.0.0/24 via 10.45.212.71 dev eth0".
> 
> I then, on OGW, put the iptables rules in to allow packets from eth0 to
> forward to eth1 and vice versa and confirmed
> that /proc/sys/net/ipv4/ip_forward was set to 1.  I could then ping
> 172.16.0.4 from 10.45.212.101.  I then went back and restarted the ipsec
> service and brought the tunnel back up.  I get the same dead packets on
> the floor on OGW when going through the tunnel!

This still baffles me.  Out of curiosity, can you ping 172.16.0.1 or do 
those disappear as well?
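The three things Larry adjusted on OGW before plaintext pings could cross from eth0 to eth1 (ip_forward set to 1, a route for 172.16.0.0/24 out of eth1, and FORWARD rules between the two interfaces) make a small checklist worth scripting. The helper below is an added example for this thread, not Openswan code or anything posted by Larry or Willie. Each check takes the relevant command output as an argument, so it runs offline against the constructed samples embedded here; `gather_live` (a hypothetical name) feeds it real output from `/proc/sys/net/ipv4/ip_forward`, `ip route` and `iptables -S FORWARD` on a Linux gateway. It assumes the one-rule-per-line format those two commands print; the interface and address values come from the network layout quoted above.

```shell
#!/bin/sh
# Added diagnostic helper (not from the thread): verifies the forwarding
# prerequisites on OGW for decrypted tunnel traffic bound for 172.16.0.0/24.

# Return 0 if the ip_forward sysctl value passed in reads "1".
ip_forward_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# Return 0 if the "ip route" output ($1) has a route for prefix $2
# leaving through interface $3.
route_via_iface() {
    printf '%s\n' "$1" | awk -v p="$2" -v i="$3" '
        $1 == p { for (n = 2; n <= NF; n++) if ($n == "dev" && $(n+1) == i) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Return 0 if "iptables -S FORWARD" output ($1) either defaults to ACCEPT
# or has an explicit ACCEPT rule from interface $2 to interface $3.
forward_allowed() {
    rules=$1; inif=$2; outif=$3
    printf '%s\n' "$rules" | grep -q -- "-P FORWARD ACCEPT" && return 0
    printf '%s\n' "$rules" | grep -q -- "-A FORWARD .*-i $inif -o $outif .*-j ACCEPT"
}

# Run all checks, report what is missing, return 0 only when every one passes.
ogw_forward_check() {
    ipf=$1; routes=$2; rules=$3; ok=0
    ip_forward_enabled "$ipf" || { echo "ip_forward is not 1"; ok=1; }
    route_via_iface "$routes" 172.16.0.0/24 eth1 \
        || { echo "no route to 172.16.0.0/24 via eth1"; ok=1; }
    forward_allowed "$rules" eth0 eth1 || { echo "FORWARD eth0->eth1 not accepted"; ok=1; }
    forward_allowed "$rules" eth1 eth0 || { echo "FORWARD eth1->eth0 not accepted"; ok=1; }
    return $ok
}

# Collect live values on a Linux gateway and run the checklist (hypothetical helper).
gather_live() {
    ogw_forward_check "$(cat /proc/sys/net/ipv4/ip_forward)" \
                      "$(ip route)" \
                      "$(iptables -S FORWARD)"
}

# Constructed samples mirroring OGW's addressing from the thread (not captured output).
SAMPLE_IPF_ON='1'
SAMPLE_IPF_OFF='0'
SAMPLE_ROUTES='10.45.212.0/24 dev eth0  proto kernel  scope link  src 10.45.212.71
172.16.0.0/24 dev eth1  proto kernel  scope link  src 172.16.0.1'
SAMPLE_RULES_OPEN='-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT'
SAMPLE_RULES_CLOSED='-P FORWARD DROP'

# Usage: "sh ogw_check.sh live" on the gateway; with no argument, exercise the samples.
if [ "${1:-}" = live ]; then
    gather_live
else
    echo "sample with forwarding configured:"
    ogw_forward_check "$SAMPLE_IPF_ON" "$SAMPLE_ROUTES" "$SAMPLE_RULES_OPEN" && echo "all checks pass"
    echo "sample before the fixes:"
    ogw_forward_check "$SAMPLE_IPF_OFF" "$SAMPLE_ROUTES" "$SAMPLE_RULES_CLOSED" || echo "forwarding would fail"
fi
```

The checklist deliberately stops at the plaintext side: if it passes and pings through the tunnel still vanish while pings from 10.45.212.101 get through, the remaining difference is how the decrypted packets enter the forwarding path, which is the question Willie's reply is probing.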

