[Openswan Users] IPsec-Setup

Thomas Schweikle tps at vr-web.de
Wed Apr 13 04:27:03 EDT 2011

Am 12.04.2011 23:58, schrieb Willie Gillespie:
> At this point, let's check two things then:
> First: cat /proc/sys/net/ipv4/ip_forward
> It should be 1... and probably is.

# cat /proc/sys/net/ipv4/ip_forward

> Second: iptables -L
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I've listed only one machine, because the other one is identical
(and not reachable at the moment).

This was one point I checked again and again. But without success.
At no point in time this had changed:
- no firewall rules, firewall inactive
- forwarding active

- connection between the two gateways
- no connection between the two networks
- no connection between gateway and the remote network

entering additional routes for single hosts, or network did not help
either. I could never make the whole thing route incoming packets to
the default router or any host except the gateway himself.

> -----Original Message-----
> From: "Thomas Schweikle" <tps at vr-web.de>
> Sent: Tuesday, April 12, 2011 3:01pm
> To: users at lists.openswan.org
> Subject: Re: [Openswan Users] IPsec-Setup
> That is what I've read. Adding (left|right)sourceip= again made the
> connection gateway/gateway work, but not any of the other hosts are
> reachable. I could connect two hosts, but not two networks.
> Removing the gateway/network network/gateway and gateway/gateway
> configs doesn't change anything: I can ping from gateway to gateway,
> but not from network to gateway or network to network.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 219 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20110413/33ea40e2/attachment.bin 

More information about the Users mailing list