[Openswan Users] Openswan IPSEC tunnel established but it works from one side only

Dario Garay dgaray at gsystems.com.ar
Fri Jan 7 13:44:27 EST 2011


Willie,
Here are the results:

Ping from gateway to your VPN router
Test 1) ping from 192.168.1.7 to 192.168.2.1
---------------------------------------------
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=253 time=6.65 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=253 time=6.84 ms
64 bytes from 192.168.2.1: icmp_seq=3 ttl=253 time=6.15 ms
64 bytes from 192.168.2.1: icmp_seq=4 ttl=253 time=7.55 ms


Test 2) ping from 192.168.2.1 to 192.168.1.7
--------------------------------------------
192.168.1.7 ping statistics
6 packets transmitted, 0 received, 100% packet loss, time 5008ms


Ping from a subnet computer to the routers
Test 3) ping from 192.168.1.0/24 subnet to 192.168.2.1
------------------------------------------------------
>ping 192.168.2.1
Haciendo ping a 192.168.2.1 con 32 bytes de datos:
Respuesta desde 192.168.2.1: bytes=32 tiempo=6ms TTL=252
Respuesta desde 192.168.2.1: bytes=32 tiempo=6ms TTL=252
Respuesta desde 192.168.2.1: bytes=32 tiempo=6ms TTL=252
Respuesta desde 192.168.2.1: bytes=32 tiempo=6ms TTL=252
Estadísticas de ping para 192.168.2.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 6ms, Máximo = 6ms, Media = 6ms

Test 4) ping from 192.168.2.0/24 subnet to 192.168.1.7
------------------------------------------------------
Estadísticas de ping para 192.168.1.7:
    Paquetes: enviados = 4, recibidos = 0, perdidos = 4
    (100% perdidos),


Ping from subnet to subnet
Test 5) ping from 192.168.1.0/24 subnet to 192.168.2.0/24 subnet
----------------------------------------------------------------
Estadísticas de ping para 192.168.2.111:
    Paquetes: enviados = 4, recibidos = 0, perdidos = 4
    (100% perdidos),

Test 6) ping from 192.168.2.0/24 subnet to 192.168.1.0/24 subnet
----------------------------------------------------------------
Estadísticas de ping para 192.168.1.9:
    Paquetes: enviados = 4, recibidos = 0, perdidos = 4
    (100% perdidos),



Dario Garay


-----Original Message-----
From: Willie Gillespie [mailto:wgillespie+openswan at es2eng.com] 
Sent: Friday, January 07, 2011 03:18 PM
To: Dario Garay; users at openswan.org
Subject: Re: [Openswan Users] Openswan IPSEC tunnel established but it works from one side only

Dario Garay wrote:
> Question: what I have to check in Iptables or rc.firewall?

Since you noted that the IPsec tunnel is up and working, at this point 
you just need to make sure that you can forward packets to and from your 
subnet.

A few tests you can try:
Ping from gateway to your VPN router
Test 1) ping from 192.168.1.7 to 192.168.2.1
Test 2) ping from 192.168.2.1 to 192.168.1.7

Ping from a subnet computer to the routers
Test 3) ping from 192.168.1.0/24 subnet to 192.168.2.1
Test 4) ping from 192.168.2.0/24 subnet to 192.168.1.7

Ping from subnet to subnet
Test 5) ping from 192.168.1.0/24 subnet to 192.168.2.0/24 subnet
Test 6) ping from 192.168.2.0/24 subnet to 192.168.1.0/24 subnet

That will help you narrow down what works and what doesn't.
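
Added example, not part of either message: one way to answer the iptables question above is to check whether the gateway's FORWARD chain accepts a new flow in each direction between the two subnets. The rule set below is constructed for illustration (it is not Dario's configuration), and the function names and the simplified rule parser are assumptions of this sketch.

```python
import ipaddress

# Constructed iptables-save excerpt (not taken from the thread): new flows are
# forwarded from 192.168.1.0/24 to 192.168.2.0/24 but not in the other direction.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def forward_verdict(rules_text, src, dst):
    """Verdict of the filter FORWARD chain for the first packet of a new flow.

    Simplification: only -s, -d, --state/--ctstate and -j are interpreted, and
    every option is assumed to take exactly one argument (no '!' negation).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict = "ACCEPT"          # built-in policy when no policy line is seen
    in_filter = False
    for line in rules_text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0].startswith("*"):
            in_filter = tok[0] == "*filter"
        elif in_filter and tok[0] == ":FORWARD":
            verdict = tok[1]    # chain policy, used when no rule matches
        elif in_filter and tok[:2] == ["-A", "FORWARD"]:
            opts = dict(zip(tok[2::2], tok[3::2]))
            states = opts.get("--state") or opts.get("--ctstate")
            if states and "NEW" not in states.split(","):
                continue        # rule only matches packets of existing flows
            if "-s" in opts and src not in ipaddress.ip_network(opts["-s"], strict=False):
                continue
            if "-d" in opts and dst not in ipaddress.ip_network(opts["-d"], strict=False):
                continue
            if opts.get("-j") in TERMINAL:
                return opts["-j"]
    return verdict

def check_both_directions(rules_text, host_a, host_b):
    """Return the FORWARD verdict for a new flow in each direction."""
    return {(host_a, host_b): forward_verdict(rules_text, host_a, host_b),
            (host_b, host_a): forward_verdict(rules_text, host_b, host_a)}
```

To use it on a real gateway, pass the text of `iptables-save` instead of `SAMPLE_RULES`; rules that match on interfaces or use negation are outside what this sketch interprets.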

