[Openswan Users] the packets did not traffic under ESP tunnel on openswan

Ozai ozai.tien at gmail.com
Sun Mar 18 23:15:39 EDT 2012


Dear Paul,

It still did not work after adding your suggestions.
B can ping A, but A cannot ping B, even from the device itself.
I captured the packets with Wireshark and found that the packets from the A client
never went through the ESP tunnel. Do you have any suggestions for
us? Please help. Thanks.

A client ------- openswan gateway ------- ipsec-tools gateway ------- B client
192.168.1.2      192.168.1.1              111.243.156.217             192.168.2.1
                 111.243.152.132          192.168.2.254

Best Regards,
Ozai
----- Original Message ----- 
From: "Paul Wouters" <paul at nohats.ca>
To: "Ozai" <ozai.tien at gmail.com>
Cc: <users at openswan.org>
Sent: Saturday, March 17, 2012 11:01 PM
Subject: Re: [Openswan Users] the packets did not traffic under ESP tunnel on openswan


> On Thu, 15 Mar 2012, Ozai wrote:
>
>> I merged openswan (2.6.37) into embedded Linux (MIPS) and tried to make
>> a connection with another IPsec system (ipsec-tools). The ESP tunnel can
>> be built successfully. I tried to ping a private client from ipsec-tools
>> to openswan. It's OK, but from openswan to ipsec-tools it failed. I found
>> that from openswan to ipsec-tools, the packets did not go through the
>> ESP tunnel. My settings are as below. Please help me to
>> correct my procedure. Thanks.
>
> Did you test from the device itself? Did you ping -I ?
> Try adding:
>
>  leftsourceip=111.243.152.132
> rightsourceip=111.243.156.217
>
> Ensure you are not NATing packets for/to the 192.168 ranges.
> Ensure you have forwarding enabled, and rp_filter disabled.
>
> (If your embedded system has perl, try "ipsec verify".)
>
> Paul 
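
The three checks listed in the quoted reply (forwarding enabled, rp_filter disabled, no NAT applied to tunnel traffic), as an added shell example that is not part of the original thread. The function names, the `SYSROOT` override and the /24 mask on the remote subnet are assumptions; the thread gives no netmasks.

```shell
#!/bin/sh
# Added example, not from the thread. SYSROOT is an assumed override so the
# checks can also run against a copied /proc/sys tree.
SYSROOT="${SYSROOT:-/proc/sys}"

# Succeeds when IPv4 forwarding is enabled.
check_forwarding() {
    [ "$(cat "$SYSROOT/net/ipv4/ip_forward" 2>/dev/null)" = "1" ]
}

# Prints "iface=value" for every rp_filter entry that is not 0 and fails if
# any exists. The kernel applies the higher of conf/all and conf/<iface>,
# so a non-zero value in either place keeps the filter active.
rp_filter_offenders() {
    bad=0
    for f in "$SYSROOT"/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        v=$(cat "$f")
        if [ "$v" != "0" ]; then
            echo "$(basename "$(dirname "$f")")=$v"
            bad=1
        fi
    done
    return "$bad"
}

# Reads `iptables-save -t nat` output on stdin and prints POSTROUTING
# MASQUERADE/SNAT rules with no exemption for the remote subnet $1: neither
# "! -d <subnet>" nor an IPsec "-m policy" match. Heuristic: an earlier
# ACCEPT rule can also exempt tunnel traffic, so review each hit by hand.
nat_suspects() {
    grep -E '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' |
        grep -v -e "! -d $1" -e "-d ! $1" -e '-m policy' || true
}

# Live run, e.g.: sh ipsec-check.sh 192.168.2.0/24   (the /24 is assumed)
if [ -n "${1:-}" ]; then
    check_forwarding && echo "ip_forward: on" || echo "ip_forward: OFF"
    rp_filter_offenders || echo "rp_filter is still active on the entries above"
    iptables-save -t nat 2>/dev/null | nat_suspects "$1"
fi
```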


