[Openswan Users] routing problem?

Willie Gillespie wgillespie+openswan at es2eng.com
Wed Jun 30 17:34:00 EDT 2010


Frank jansen wrote:
> 10.11.220.10/32 (other company LAN) --- 80.148.46.1xx (other company 
> gateway) ======= 85.214.66.xx (our company gateway)---- 10.29.161.0/24 
> (our company LAN)
> 
> From a machine in our company LAN, e.g. 10.29.161.10, I can't ping or 
> access any service on the opposite site at 10.11.220.10.
> 
> IPv4 forwarding is enabled on the gateway. If I ping from a LAN machine, 
> I can see traffic on the external interface (eth0) at the gateway, but 
> it seems to go into nirvana:
> h1694579(neu):/etc# tcpdump -vvv host 10.11.220.10 -i eth0
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 
> bytes
> 11:48:14.391539 arp who-has 10.11.220.10 tell h169xxxx.stratoserver.net
> 11:48:14.392955 arp reply 10.11.220.10 is-at 00:00:0c:9f:f0:02 (oui Cisco)
> 11:48:14.392962 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto 
> ICMP (1), length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 
> 24417, seq 1, length 64
> 11:48:14.392965 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto 
> ICMP (1), length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 
> 24417, seq 2, length 64
> 11:48:14.392974 arp reply 10.11.220.10 is-at 00:00:0c:9f:f0:02 (oui Cisco)
> 11:48:15.383045 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto 
> ICMP (1), length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 
> 24417, seq 3, length 64

So this tcpdump is looking at the external interface of your gateway? 
If so, we should be seeing ESP packets to 85.214.66.x (other company 
gateway) instead.  You shouldn't see anything about 10.11.220.10 on the 
external interface.
Somehow those ICMP packets are not being encapsulated...
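
The check described in the reply above, as an added example that is not part of the original post: it reads tcpdump text output from the gateway's external interface and reports packets for a tunnelled subnet that appear without ESP encapsulation. The function name `audit_capture`, the hostname `gw.example.net`, and the ESP line with its 192.0.2.1 / 198.51.100.2 gateway addresses are assumptions made for the example.

```python
import ipaddress
import re

# "src > dst:" as printed by tcpdump; an optional ".port" suffix is tolerated.
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")


def audit_capture(lines, tunnelled_subnets):
    """Return (esp_count, leaks) for tcpdump text taken on the external interface.

    A leak is a packet whose source or destination lies in a subnet that
    should only be reachable through the tunnel, seen without ESP wrapping.
    """
    nets = [ipaddress.ip_network(n) for n in tunnelled_subnets]
    esp_count, leaks = 0, []
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue  # ARP and other non-IP lines
        if "ESP(spi=" in line:  # native ESP or NAT-T "UDP-encap: ESP(spi=..."
            esp_count += 1
            continue
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
        if any(src in n or dst in n for n in nets):
            leaks.append((str(src), str(dst)))
    return esp_count, leaks


# Constructed sample: the ARP and ICMP lines follow the capture quoted above
# (rejoined onto one line each); the ESP line and its 192.0.2.1 / 198.51.100.2
# gateway addresses are made-up placeholders showing what a working tunnel emits.
SAMPLE = [
    "11:48:14.391539 arp who-has 10.11.220.10 tell gw.example.net",
    "11:48:14.392955 arp reply 10.11.220.10 is-at 00:00:0c:9f:f0:02 (oui Cisco)",
    "11:48:14.392962 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), "
    "length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 24417, seq 1, length 64",
    "11:48:15.383045 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), "
    "length 84) 10.29.161.10 > 10.11.220.10: ICMP echo request, id 24417, seq 3, length 64",
    "11:48:16.000000 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x12345678,seq=0x1), length 132",
]

if __name__ == "__main__":
    esp, leaks = audit_capture(SAMPLE, ["10.11.220.10/32"])
    print(f"ESP packets: {esp}; cleartext packets for tunnelled subnets: {len(leaks)}")
    for src, dst in leaks:
        print(f"  not encapsulated: {src} -> {dst}")
```

A non-empty leak list on the external interface means the traffic is bypassing the IPsec policy, which is the symptom the reply points out.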

