[Openswan Users] IPSec net to net tunnel established with RV042, but ping from one side gives Destination Host Unreachable

[Paul Wouters]

On Tue, 27 Sep 2011, Geekman wrote:

> I totally misinterpreted your suggestion about masquerading before. I
> had originally thought you were checking to make sure I was doing
> masquerading, but based on the rule you provided, it makes sense that
> you would be ensuring masquerading isn't done so that the source IP
> matches the leftsubnet value. Silly me.
>
> I have added in that rule, it worked great when pinging 192.168.1.1
> from the server behind Neo. I was also able to access the router
> interface via lynx, so that's all great.

Great!

> I still had to ping using -I 172.16.0.1 from Neo itself to get the
> correct source IP. From what I understood, the left/rightsourceip
> parameter is meant to remedy this? Although I haven't looked too
> closely at this, and I know there's a section in the PackT OpenSwan
> book I've purchased regarding this, so I'll take look and get back to
> you if there's any problems.

Yes, it should work when using leftsourceip/rightsourceip. Or you can
add a new tunnel that covers just externalip<->externalip.

Paul