[Openswan Users] CentOS5 + Draytek 2820 pings only one way

John Crisp jcrisp at safeandsoundit.co.uk
Thu Feb 14 17:49:14 EST 2013


On 14/02/13 21:58, Willie Gillespie wrote:
> I didn't have time to look really closely yet, but since the IPsec SA is
> established, I would look really closely at the iptables/firewalls on
> both sides instead if things are going only one way.  Doesn't seem to
> really be an IPsec problem.

Thanks for the reply. I wasn't sure if it was a problem in ipsec.conf
(the IP address/routing part) or iptables, and whichever way, I am no
expert in either!

> 
> When you are pinging from your server, are you pinging from 192.168.99.1
> or L.C.98.24?

That's tricky to answer.

It's a VPS server with a 'real' card and public IP address L.C.98.24 but
it also has a 'dummy' adaptor with an internal address of 192.168.99.1.

When I ping, I am doing it from an ssh session in the box. So what is my
IP at that point? I guess L.C.98.24 if I am pinging 'off site'.


eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.99.1  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth1      Link encap:Ethernet  HWaddr 00:16:3C:DF:E2:DB
          inet addr:L.C.98.24  Bcast:5.44.98.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3cff:fedf:e2db/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29798084 errors:0 dropped:0 overruns:0 frame:0
          TX packets:433044 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1873430254 (1.7 GiB)  TX bytes:41440151 (39.5 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:124540 errors:0 dropped:0 overruns:0 frame:0
          TX packets:124540 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10757535 (10.2 MiB)  TX bytes:10757535 (10.2 MiB)


> 
> e.g., does the following ping get through?
> ping -I 192.168.99.1 10.0.0.251
> 

----------------------------------------------------

FROM L.C.98.24
ping -I 192.168.99.1 10.0.0.251
PING 10.0.0.251 (10.0.0.251) from 192.168.99.1 : 56(84) bytes of data.

