[Openswan Users] IPsec-Setup

Marcus Carlson marcus at mejlamej.nu
Wed Apr 13 04:52:02 EDT 2011


Hi,

How about iptables -t nat -L? Do you have an ACCEPT rule for the net 
before the MASQ/SNAT rule?

Best regards,
Marcus

2011-04-13 10:27, Thomas Schweikle skrev:
> Am 12.04.2011 23:58, schrieb Willie Gillespie:
>> At this point, let's check two things then:
>> First: cat /proc/sys/net/ipv4/ip_forward
>> It should be 1... and probably is.
> # cat /proc/sys/net/ipv4/ip_forward
> 1
>
>> Second: iptables -L
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
>
> I've listed only one machine, because the other one is identical
> (and not reachable at the moment).
>
> This was one point I checked again and again. But without success.
> At no point in time this had changed:
> - no firewall rules, firewall inactive
> - forwarding active
>
> But:
> - connection between the two gateways
> - no connection between the two networks
> - no connection between gateway and the remote network
>
> entering additional routes for single hosts, or network did not help
> either. I could never make the whole thing route incoming packets to
> the default router or any host except the gateway himself.
>
>
>> -----Original Message-----
>> From: "Thomas Schweikle"<tps at vr-web.de>
>> Sent: Tuesday, April 12, 2011 3:01pm
>> To: users at lists.openswan.org
>> Subject: Re: [Openswan Users] IPsec-Setup
>>
>> That is what I've read. Adding (left|right)sourceip= again made the
>> connection gateway/gateway work, but not any of the other hosts are
>> reachable. I could connect two hosts, but not two networks.
>> Removing the gateway/network network/gateway and gateway/gateway
>> configs doesn't change anything: I can ping from gateway to gateway,
>> but not from network to gateway or network to network.
>>
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110413/bc70653e/attachment.html 


More information about the Users mailing list