[Openswan Users] access to the remote ipsec connection on local router
Jean-Francois Couture
jfcouture at devsys-inf2001.com
Thu Apr 21 09:15:06 EDT 2011
Hi all,
I made a tunnel between openswan (as a Linux router) and a WatchGuard X Core router.
Everything works on the computers on the LAN side of the Linux router (ping, access, etc.),
but on the Linux router itself I can't ping or access the other side of the tunnel.
Is there some iptables rule I need to add to make the Linux router see the LAN on the other side of the WatchGuard?
Here are the iptables rules I have set up to make the Linux LAN side see the WatchGuard's LAN side:
On my setup: the Linux router LAN is 192.168.112.0/24
the WatchGuard LAN is 192.168.10.0/24
iptables -t filter -A INPUT -p 17 --dport 500 -j ACCEPT # udp/isakmp
iptables -t filter -A INPUT -p 50 -j ACCEPT # esp
iptables -t mangle -A PREROUTING -p 17 --dport 500 -j MARK --set-mark 1 # udp/isakmp
iptables -t mangle -A PREROUTING -p 50 -j MARK --set-mark 1 # esp
iptables -t filter -A INPUT -m mark --mark 1 -j ACCEPT
iptables -t filter -A FORWARD -m mark --mark 1 -j ACCEPT
iptables -t filter -A OUTPUT -j ACCEPT
iptables -t filter -A FORWARD -s 192.168.112.0/24 -j ACCEPT
iptables -t nat -I POSTROUTING -d 192.168.10.0/24 -j ACCEPT
Thanks for any help on this.
Jeff C.
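Added example, not code from the post or from Openswan: a small Python check of which source addresses the tunnel's IPsec policy selectors cover, run over constructed `ip xfrm policy` output (the tunnel endpoint addresses 203.0.113.2 and 198.51.100.9 are assumed). It illustrates one thing the iptables rules above cannot fix: a packet the router sources from its own WAN address falls outside the 192.168.112.0/24 selector and is sent in the clear, whereas a LAN-side source address (what the Openswan leftsourceip= setting gives the router) is inside it.

```python
import ipaddress

# Constructed sample of `ip xfrm policy` output for the tunnel described in
# the post; the 203.0.113.2 / 198.51.100.9 endpoint addresses are assumed.
XFRM_POLICY = """\
src 192.168.112.0/24 dst 192.168.10.0/24
	dir out priority 2344
	tmpl src 203.0.113.2 dst 198.51.100.9
		proto esp reqid 16385 mode tunnel
src 192.168.10.0/24 dst 192.168.112.0/24
	dir in priority 2344
	tmpl src 198.51.100.9 dst 203.0.113.2
		proto esp reqid 16385 mode tunnel
"""


def parse_policies(text):
    """Return a list of (src_net, dst_net, direction) tuples parsed from
    `ip xfrm policy` output. Only the selector and 'dir' lines are used."""
    policies = []
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "src" and len(parts) >= 4 and parts[2] == "dst":
            current = [ipaddress.ip_network(parts[1]),
                       ipaddress.ip_network(parts[3]), None]
            policies.append(current)
        elif parts[0] == "dir" and current is not None:
            current[2] = parts[1]
    return [tuple(p) for p in policies]


def is_protected(policies, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches an outbound ('out') policy
    selector, i.e. it would be encapsulated in ESP rather than sent in the clear."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(d == "out" and src in s and dst in t for s, t, d in policies)


if __name__ == "__main__":
    pols = parse_policies(XFRM_POLICY)
    # A host on the Linux router's LAN: inside the selector, goes through the tunnel.
    print(is_protected(pols, "192.168.112.50", "192.168.10.5"))  # True
    # The router itself, sourcing from its WAN address: not covered.
    print(is_protected(pols, "203.0.113.2", "192.168.10.5"))  # False
    # The router sourcing from a LAN-side address: covered.
    print(is_protected(pols, "192.168.112.1", "192.168.10.5"))  # True
```

On the router itself, the real input is the output of `ip xfrm policy`, and `ip route get 192.168.10.5` shows which source address the kernel would actually pick for locally generated traffic.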