[Openswan Users] Tunnel OK but can't ping!

Piotr Dzionek piotr.dzionek at intercon.pl
Wed Feb 20 02:57:01 EST 2013


Are ICMP packets encapsulted in esp headers?  Use tcpdump with protocol
option set to esp and see if there is any traffiic coming out and check
for udp packets with port 4500 (for NAT Traversal traffic).

W dniu 19.02.2013 23:32, Marcelo Moras pisze:
> Hi,
>
> I Established a connection with openswan and 2 linux CentOs.
>
> scenario:
> |10.0.0.0/24---172.30.1.254|---|200.x.x.x|---INTERNET---|201.X.X.X--192.168.222.0/20|
> <http://10.0.0.0/24---172.30.1.254%7C---%7C200.x.x.x%7C---INTERNET---%7C201.X.X.X--192.168.222.0/20%7C>
>
> |Firewall-OpenSwan         |   | router  |              |OpenSwan   
>             |
>
> Logs OK
> sent QI2, IPsec SA established
> ISAKMP SA established
>
> Tunnel OK
> IPsec running  - pluto pid: 9153
> pluto pid 9153
> 1 tunnels up
>
> But I can not ping from one station to another ip
> Ping from 10.0.0.122 to 192.168.222.10
>
> tcpdump Firewall-OpenSwan (left)
> IP 10.0.0.122 > 192.168.222.10 <http://192.168.222.10>: ICMP echo
> request, id 512, seq 26759, length 40
>
> tcpdump Openswan (right)
> 10.0.0.122 > 192.168.222.10 <http://192.168.222.10>: ICMP echo
> request, id 512, seq 27527, length 40
>
> Do not have the reply, can someone help me?
>
> Regards,
> Marcelo
>
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130220/91a01bde/attachment.html>


More information about the Users mailing list