[Openswan Users] the packets did not traffic under ESP tunnel on openswan

Paul Wouters paul at nohats.ca
Sat Mar 17 11:01:08 EDT 2012


On Thu, 15 Mar 2012, Ozai wrote:

> I merged the openswan(2.6.37) into embedded linux(mips) and tried to make the connection with another ipsec
> system(ipsec-tools). The ESP tunnel can be built successfully. I tried to ping private client from ipsec-tools to
> openswan. It's OK, but from openswan to ipsec-tools, it failed. I found that from openswan to ipsec-tools, the packets did
> not traffic under ESP tunnel. My settings are as below. Please help me to correct my procedure. Thanks.

Did you test from the device itself? Did you ping -I ?
Try adding:

 	leftsourceip=111.243.152.132
 	rightsourceip=111.243.156.217

Ensure you are not NATing packets for/to the 192.168 ranges.
Ensure you have forwarding enabled, and rp_filter disabled.

(if your embedded system has perl, try "ipsec verify")

Paul
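
The forwarding, rp_filter and NAT checks from the reply above, as an added shell example that is not part of the original message or of Openswan. The function names and the sample directory tree are hypothetical and constructed for illustration; with no argument, `check_ipsec_sysctl` reads the live `/proc/sys/net/ipv4`.

```shell
#!/bin/sh
# Added example: verifies the kernel settings named in the reply.

# Print one line per problem; return 0 if none were found, 1 otherwise.
check_ipsec_sysctl() {
    root="${1:-/proc/sys/net/ipv4}"
    problems=0
    # Forwarding must be on for the gateway to route the private subnets.
    if [ "$(cat "$root/ip_forward" 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not 1"
        problems=1
    fi
    # rp_filter is per interface and the kernel applies max(all, <iface>),
    # so every entry has to be 0 for the filter to be off.
    for f in "$root"/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" != "0" ]; then
            iface=${f%/rp_filter}
            echo "rp_filter=$(cat "$f") on ${iface##*/}"
            problems=1
        fi
    done
    return "$problems"
}

# Read `iptables-save -t nat` output on stdin and list the SNAT/MASQUERADE
# rules, so each can be reviewed against the 192.168 tunnel subnets.
list_nat_rules() {
    grep -E -- '-j (MASQUERADE|SNAT)' || true
}

# Constructed sample: a tree shaped like /proc/sys/net/ipv4 with forwarding
# off and rp_filter still enabled on eth0.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf/all" "$d/conf/eth0"
    echo 0 > "$d/ip_forward"
    echo 0 > "$d/conf/all/rp_filter"
    echo 1 > "$d/conf/eth0/rp_filter"
    echo "$d"
}

sample=$(make_sample_tree)
check_ipsec_sysctl "$sample" || echo "fix the settings listed above"
rm -rf "$sample"
```

On the gateway itself, run `check_ipsec_sysctl` with no argument and pipe `iptables-save -t nat` into `list_nat_rules`.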

