[Openswan Users] Tunnel established but can't ssh or ping

TheCajun thecajun at nmia.com
Fri Feb 22 14:15:25 EST 2013


> Hi,
> 
> Every time I see something like this on my own systems it's because I've forgotten to add appropriate firewall rules.
Thank you for the reply.  I have already tried without the firewall. But the rules I *do* have
worked with older router/modem.  It was a qwest zyxel q100.  This new
one is an Actiontec C1000A.  The configuration I have worked good with
the zyxel q100.  With no changes to VPN configuration, the new Actiontec C1000A
will establish a tunnel, but no traffic gets through.
> 
> Also you were hinted to use eth0 in your tcpdump command. That may not actually be the interface you need to listen to on either or both ends. You should make sure you are tracing for ESP packets on the interface where your routes point to the other (public) endpoint of the tunnel.
I checked my history to make sure I did use
correct interface.  Remote is eth0 and local is p4p1.  I *did* use
correct interfaces.

> 
> You should also check routing tables to make sure you're not accidentally routing at either end in such a way to avoid passing through your IPSEC gateways. The fact that you see no ESP packets at one end of the connect suggests this might be the case.
I am not sure what the routing table should look like, but again, I've
not changed anything after new modem was installed.  Here it is.

F17> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.4.1     0.0.0.0         UG    0      0        0 p4p1
172.23.93.0     *               255.255.255.0   U     0      0        0 p4p1
192.168.4.0     *               255.255.255.0   U     0      0        0 p4p1

The 172.23.93.0 is the remote subnet.  Should it be there?

Thank you,

Durwin
> 
> Thanks
> 
> Alex