[Openswan Users] Tunnel up, can't ping!! Help is much appreciated!!

Paul Wouters paul at xelerance.com
Tue Nov 23 15:51:14 EST 2010

On Tue, 23 Nov 2010, "Ing. Rodrigo Méndez" wrote:

> This is the result from ipsec verify:

Looks good.

> The people from the Juniper VPN concentrator say they don't see any traffic coming from our IPs, so it would seem there's no traffic coming out from Box 1
> (CentOS box). The strange thing is it doesn't work even if iptables is disabled (so no blocking is apparently occurring, or at least it isn't the main
> problem).
> My best guess now is that I'm having a routing problem. 

I don't think so...

> Any ideas on how to tell Linux to route the packages going to zzz.zzz.zzz.3 through the tunnel?? (I'm using netkey, not KLIPS)

Manual routing should not be used. netlink will snatch the packets.

> I can't find any route to yyy.yyy.yyy.2 or zzz.zzz.zzz.3 (the box in the private lan) anywhere in the routing table. I'm not sure if this is OK.

That's fine.

It seems you have one interface online. Are you behind a port forward? Is your upstream
router filtering packets?

Try adding forceencaps=yes ?
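
With NETKEY the kernel selects tunnel traffic by XFRM policy rather than by a route, which is why the routing table shows no entry for the remote subnet. As an added example (not part of the original message), the Python below parses `ip xfrm policy` output and reports which tunnel, if any, an outbound packet would match; the sample output and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ip xfrm policy` output (documentation-range
# addresses, not values from the thread).
SAMPLE = """\
src 192.0.2.10/32 dst 198.51.100.0/24
\tdir out priority 2344 ptype main
\ttmpl src 192.0.2.10 dst 203.0.113.2
\t\tproto esp reqid 16385 mode tunnel
src 198.51.100.0/24 dst 192.0.2.10/32
\tdir in priority 2344 ptype main
\ttmpl src 203.0.113.2 dst 192.0.2.10
\t\tproto esp reqid 16385 mode tunnel
"""

def parse_policies(text):
    """Return one dict per policy: selector networks, direction, tunnel ends."""
    policies = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace() and words[0] == "src":
            # An unindented selector line starts a new policy: "src NET dst NET"
            policies.append({
                "src": ipaddress.ip_network(words[1], strict=False),
                "dst": ipaddress.ip_network(words[3], strict=False),
                "dir": None, "tunnel": None,
            })
        elif policies and words[0] == "dir":
            policies[-1]["dir"] = words[1]
        elif policies and words[0] == "tmpl":
            policies[-1]["tunnel"] = (words[2], words[4])  # (local, peer)
    return policies

def outbound_tunnel(policies, src, dst):
    """Return (local, peer) of the 'out' policy covering src -> dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == "out" and s in p["src"] and d in p["dst"]:
            return p["tunnel"]
    return None

if __name__ == "__main__":
    pols = parse_policies(SAMPLE)
    print(outbound_tunnel(pols, "192.0.2.10", "198.51.100.3"))  # matches the tunnel
    print(outbound_tunnel(pols, "192.0.2.10", "8.8.8.8"))       # no policy: sent in clear
```

A `None` result for the remote private address means no outbound policy is installed for that source and destination pair, so the packet would leave unencrypted or not at all.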


