[Openswan Users] Tunnel up, can't ping!! Help is much appreciated!!

Willie Gillespie wgillespie+openswan at es2eng.com
Fri Nov 26 18:33:13 EST 2010


Ing. Rodrigo Méndez wrote:
> Paul, Willie,
> 
> Thanks A LOT for your responses.
> 
> I still cannot get pings through but there are more clues...
> 
> 1.- I tried adding forceencaps=yes to the conn part of my ipsec.conf with no results.
> 
> 2.- When I ping the zzz.zzz.zzz.3 box (private lan) from my CentOS box (xxx.xxx.xxx.1) I see this type of packages when doing a TCP dump:
> 
> -------------
> 12:37:21.458338 IP xxx.xxx.xxx.1  > yyy.yyy.yyy.2: ESP(spi=0xca766790,seq=0x32), length 116
> -------------
> 
> 
> I think this means some packets are getting out from my CentOS Box to their Juniper router, right?

Yes, they are at least leaving your CentOS box.  See Simon's reply for 
more help here.

> 
> 
> 3.- When I stop iptables (service iptables stop) I get this when doing "iptables -L"
> 
> # iptables -L
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination    
> 
> I think it means there's no block from my part, right?

Good to know how that works on CentOS.  You are correct... no blocking 
on your part in this case.

