[Openswan Users] IPSec net to net tunnel established with RV042, but ping from one side gives Destination Host Unreachable

Paul Wouters paul at xelerance.com
Mon Sep 26 13:31:31 EDT 2011


On Mon, 26 Sep 2011, Geekman wrote:

> Neo's LAN IP is 172.16.0.1, and the RV042's LAN IP is 192.168.1.1
>
> After the tunnel is established, I begin testing using pings. I can
> ping from any device behind the RV042 to any device behind Neo, I can
> even ping from the RV042 itself to Neo using diagnostic tools. Neo is
> able to give back an ICMP response through the tunnel. Additionally, I
> was able to set up an Apache webserver on a server sitting in Neo's LAN
> and visit that from the RV042's LAN using the IP 172.16.0.2.
>
> However, when I try and ping from Neo, or a server in Neo's LAN, to
> any IP in the RV042's LAN, I get "From X.X.X.X icmp_seq=2 Destination
> Host Unreachable". Where X.X.X.X seems to be some hop involved when
> trying to trace to the LAN IP over the internet. For example, trying
> to ping 192.168.1.1 from Neo while SSHd in from home, I get:

Is Neo the default gw for those machines? If not, does the default gw
point to Neo for the 192.168.1.0/24 range?

Does the default gw and/or Neo skip NAT/MASQ for packets destined for
the remote subnet? e.g.:

iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -d 192.168.1.0/24 -j RETURN

Paul
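
An added example, not part of Paul's message or of Openswan: a small check that reads `iptables-save` output and reports which nat POSTROUTING rule first matches traffic from the local subnet to the remote one. The two rulesets, the `eth0` interface and the function names are constructed for illustration; negated matches (`!`) and interface matches are ignored.

```python
import ipaddress
import shlex

# Constructed iptables-save output for a gateway like Neo (not from the thread).
SAMPLE_BROKEN = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""
# Same ruleset with the exemption for the remote subnet inserted first.
SAMPLE_FIXED = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.0.0/24 -d 192.168.1.0/24 -j RETURN
-A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""
ANY = "0.0.0.0/0"

def nat_postrouting_rules(save_text):
    """Yield (src_net, dst_net, target) for nat POSTROUTING rules, in order."""
    table = None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # "*nat", "*filter", ... starts a table
        elif table == "nat" and line.startswith("-A POSTROUTING"):
            tok = shlex.split(line)
            # Simplification: only -s/-d/-j are read; "!" and -o are ignored.
            opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1])
                   if t in ("-s", "-d", "-j")}
            yield (ipaddress.ip_network(opt.get("-s", ANY), strict=False),
                   ipaddress.ip_network(opt.get("-d", ANY), strict=False),
                   opt.get("-j"))

def tunnel_verdict(save_text, local, remote):
    """Target of the first rule matching local->remote traffic, or 'none'."""
    local = ipaddress.ip_network(local)
    remote = ipaddress.ip_network(remote)
    for src, dst, target in nat_postrouting_rules(save_text):
        if target and local.subnet_of(src) and remote.subnet_of(dst):
            return target
    return "none"

if __name__ == "__main__":
    for name, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, tunnel_verdict(text, "172.16.0.0/24", "192.168.1.0/24"))
```

A result of `MASQUERADE` or `SNAT` means the source address is rewritten before the IPsec policy lookup, so the packet no longer matches the tunnel's subnets; `RETURN` or `ACCEPT` means the exemption is matched first.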

