[Openswan Users] Asymmetric routing between Shrewsoft 2.1.7 and OpenSwan

Paul Wouters paul at xelerance.com
Thu Aug 25 10:52:04 EDT 2011


On Thu, 25 Aug 2011, Erich Titl wrote:

> I am trying to connect a road warrior on Windows 7 Home and a dated
> OpenSwan 2.4.7 installation, using X.509 certs. I know the gateway is
> pretty old but I am convinced that the error is not on the openswan
> side. Someone might have had a similar problem.

> However, when I try to send an icmp echo request to the remote network I
> see the packet coming from the configured virtual address, but
> travelling in the clear, not in the tunnel. The reply though is sent
> through the tunnel.

> This is the data coming in in the clear on vlanxx on the OpenSwan gateway.
>
> 09:20:42.176576 IP 172.22.53.10 > 172.29.4.1: ICMP echo request, id 1,
> seq 486, length 40

> Here are the exported settings on the client.

> s:client-ip-addr:172.22.53.10
> s:client-ip-mask:255.255.255.255

> s:policy-list-include:172.29.0.0 / 255.255.0.0

It seems covered by the policy. My guess is that because the remote is in
the same LAN, it might not hit the routing code, and therefore not hit the
Shrewsoft client. (But I have no idea of how they hook things into Windows,
so it's a wild guess.)

You can try changing the LAN to be a smaller segment and see if it suddenly
starts working properly to confirm this.

Paul

