[Openswan Users] Return Traffic on wrong interface

Josh Mesilane zindello at chibiko.net
Mon Mar 29 05:33:42 EDT 2010

Hi All,

I have a network to network set up between two firewalls. I am having an
issue with one firewall not routing traffic correctly that is passed over a
VPN. I moved to OpenSwan after trying to get the ipsec tunnel working with
racoon, however found some *very* queer behaviour. The setup is as follows:

Remote Location:
Centos 4.7
eth3 - WAN connection
eth2 - LAN connection

This firewall is directly attached to the internet via the ethernet

Local Location:
Centos 4.7
(eth2) ppp0 - VoIP internet connection
(eth3) ppp1 - WAN internet connection
eth1 - Internal Network
eth0 - Wireless Network

The Tunnel between the two hosts establishes, and when sending ICMP traffic
from inside the Local Connection to the Remote Connection, the traffic is
received at the Local router, encapsulated and tunneled and sent to the
remote router, where it is decrypted and passed on to the remote server
(checked with Wireshark... almost said ethereal there...). The remote server
replies. This reply then completes the trip over the VPN but never arrives
at the computer on the LAN.

Further investigation showed that the ICMP reply packet is coming in the
ppp1 interface, the packet is then being decrypted and is showing the
decrypted packet on the ppp1 interface, not the local interface (eth1) where
the destination IP would suggest the packet should go.

I was having similar issues when trying to get this setup working using
the inbuilt racoon tools. I got the tunnel connected and working and could
pass ICMP traffic over the connection, however when trying to use any
service that returns packets on a tcpmux port, the returned packet would
show on the ppp interface locally and not the internal LAN interface. ICMP
traffic, however, would pass.

Any suggestions? What do you guys need to help me troubleshoot this further?

