[Openswan Users] Routing Issue I don't understand

Ben Schmidt crackhd2 at gmail.com
Wed Aug 14 04:52:39 UTC 2013


Hi Gertjan,

ping to a Address in the DST Network that should reply:
#########
ipsec01:~# ping 10.41.35.4
PING 10.41.35.4 (10.41.35.4) 56(84) bytes of data.
>From yyy.yyy.27.137 icmp_seq=1 Destination Host Unreachable
>From yyy.yyy.27.137 icmp_seq=2 Destination Host Unreachable
#########

tcpdump:
#########
ipsec01:~# tcpdump -n not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
06:48:51.743462 IP yyy.yyy.27.141 > 10.41.35.4: ICMP echo request, id 4483,
seq 1, length 64
06:48:51.744362 IP yyy.yyy.27.137 > yyy.yyy.27.141: ICMP host 10.41.35.4
unreachable, length 36
06:48:52.744488 IP yyy.yyy.27.141 > 10.41.35.4: ICMP echo request, id 4483,
seq 2, length 64
06:48:52.745262 IP yyy.yyy.27.137 > yyy.yyy.27.141: ICMP host 10.41.35.4
unreachable, length 36
#########
yyy.yyy.27.141 is my public Gateway

Any Ideas?

Thanks,
Ben


On Tue, Aug 13, 2013 at 6:43 PM, Gertjan Baarda <gertjan.baarda at gmail.com>wrote:

> What does the ping output say?
>
>
> On Tuesday, August 13, 2013, Ben Schmidt wrote:
>
>> Hallo Mailing List,
>>
>> I got VPN up and running from openswan 2.6.37-3 running on debian 7 amd64
>> connecting to a Juniper ISG.
>> My Problem is that I can not get a single ping over the Tunnel, seems
>> like a routing Issue.
>>
>> Here is my config: http://pastebin.com/QdqtpPsg
>> Here is the ouput of "ipsec auto --status": http://pastebin.com/7i4UJKAu
>> Here is the output of "ipsec barf" > http://pastebin.com/iaMkuGwc
>>
>> So it tells me that "ip xfrm policy" is
>> ###########
>> src 192.168.210.0/24 dst 10.41.35.0/24
>>         dir out priority 2344 ptype main
>>         tmpl src yyy.yyy.27.141 dst zzz.zzz.2.74
>>                 proto esp reqid 16385 mode tunnel
>> src 10.41.35.0/24 dst 192.168.210.0/24
>>         dir fwd priority 2344 ptype main
>>         tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141
>>                 proto esp reqid 16385 mode tunnel
>> src 10.41.35.0/24 dst 192.168.210.0/24
>>         dir in priority 2344 ptype main
>>         tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141
>>                 proto esp reqid 16385 mode tunnel
>> ###########
>>
>> That should do what I want, but it doesn't.
>>
>> Could someone please point me in a direction to look at?
>>
>> Thanks a lot,
>> Ben
>>
>>
>
> --
> Sent from Gmail Mobile
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130814/6224755c/attachment.html>


More information about the Users mailing list