[Openswan Users] Tunnel up, can't ping!! Help is much appreciated!!

Paul Wouters paul at xelerance.com
Tue Nov 23 14:11:32 EST 2010

On Tue, 23 Nov 2010, "Ing. Rodrigo Méndez" wrote:

> My Linux CentOS server (openswan) IP: xxx.xxx.xxx.1 ----- VPN Concentrator (Juniper ISG 2000) IP: yyy.yyy.yyy.2 --- Remote box 3 (private IP: zzz.zzz.zzz.3)
> Boxes 1 and 2 have public IP. Box 3 has private IP (is behind the VPN Concentrator). The goal is to connect box 1 to box 3.

> My Config is as follows:

Looks fine.

> The problem is that the tunnel is UP but there's no way I can connect or ping the other side. An interesting thing is that if I ping the other side from box 1 after I disabled iptables - service iptables stop - I get no response at all, but if iptables is active I get the error message "ping: sendmsg: operation not permitted"

So your firewall has a problem and needs to allow traffic from/to zzz.zzz.zzz.3

> Nov 22 20:33:20 bitlab pluto[4690]: "iusacell-bitlab-test" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xca7636a3 <0x1149928c xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}

Looks good.

Perhaps the Juniper or the remote box 3 is not allowing your ping to go through?

Run ipsec verify, do you have IP forwarding enabled? rp_filter disabled?
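The host-side checks named in this reply (IP forwarding on, rp_filter off, and firewall rules that let traffic for the remote host through the tunnel), as an added diagnostic script that is not part of the thread and not Openswan's own code. It assumes a Linux host with iptables and the `policy` match module; `zzz.zzz.zzz.3` is the placeholder address from the thread, and the sysctl snapshot in the usage line is a constructed sample.

```shell
#!/bin/sh
# Added helper, not from the mailing-list thread: checks the two sysctl
# items Paul asks about and prints firewall rules for the tunnel traffic.

REMOTE_HOST="zzz.zzz.zzz.3"   # placeholder from the thread: host behind the Juniper

# Return 0 when a sysctl snapshot ("key = value" lines, as from `sysctl -a`)
# shows net.ipv4.ip_forward=1 and no interface with rp_filter set to 1 or 2.
# Openswan's `ipsec verify` flags both of these; this reproduces that logic.
check_sysctl_snapshot() {
    snapshot="$1"
    fwd=$(printf '%s\n' "$snapshot" | sed -n 's/^net\.ipv4\.ip_forward *= *//p')
    if [ "$fwd" != "1" ]; then
        echo "net.ipv4.ip_forward is '${fwd:-unset}', needs to be 1"
        return 1
    fi
    bad=$(printf '%s\n' "$snapshot" \
        | sed -n 's/^\(net\.ipv4\.conf\.[^ ]*\.rp_filter\) *= *[12]$/\1/p')
    if [ -n "$bad" ]; then
        echo "rp_filter still enabled (tunnel replies will be dropped) on:"
        echo "$bad"
        return 1
    fi
    return 0
}

# Same check against the running host (reads the live sysctl tree).
check_live_host() {
    check_sysctl_snapshot "$(sysctl -a 2>/dev/null | grep -E 'ip_forward|rp_filter')"
}

# Print iptables rules that admit IKE and ESP on the public side and allow
# traffic to/from the remote host only when it is actually IPsec-protected
# (xt_policy match), so cleartext to that address is still refused.
print_firewall_rules() {
    remote="$1"
    cat <<EOF
iptables -A INPUT  -p udp --dport 500  -j ACCEPT
iptables -A INPUT  -p udp --dport 4500 -j ACCEPT
iptables -A INPUT  -p esp -j ACCEPT
iptables -A OUTPUT -d $remote -m policy --dir out --pol ipsec -j ACCEPT
iptables -A INPUT  -s $remote -m policy --dir in  --pol ipsec -j ACCEPT
EOF
}

# Usage (constructed sample; on a real host call check_live_host instead):
# check_sysctl_snapshot "net.ipv4.ip_forward = 1
# net.ipv4.conf.all.rp_filter = 0" && print_firewall_rules "$REMOTE_HOST"
```

The "operation not permitted" error in the original report is what a REJECT or DROP in the OUTPUT chain looks like to ping, so the rules above are the shape of what box 1 needs; the `policy` match keeps the hole scoped to packets that the kernel will encrypt.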


