[Openswan Users] Tunnel established but can't ssh or ping
Alex Crow
acrow at integrafin.co.uk
Fri Feb 22 15:33:57 EST 2013
Durwin,
OK, one more biggie I forgot to ask, since you changed your router: did
you make sure that IPSEC passthru has been disabled on the new router?
On some models it's not possible to disable it and you will be SOL. You
may also have to do port forwarding of IP Proto 50 and UDP ports 4500
and 500 to the OpenSwan box depending on which end initiates the connection.
It's like SIP, some routers you can't disable the SIP ALG and it royally
screws up all your perfectly correct design as soon as it hits said
device. You may have had a very rare router that actually did IPSEC
passthru right and changed it for one that doesn't.
The remote subnet should be listed on p4p1 as long as that interface is
the one the remote gateway is contactable on, I don't see a prob with that.
Further than this I don't think I can offer more help. But please check
at both ends of the tunnel (not just the one with the new router) if any
kind of IPSEC ALG or passthru or NAT or similar (ad infinitum) is
enabled and just turn it off in preference for just port forwarding the
correct ports and protocols to your gateways.
Cheers
Alex
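
Added example, not part of the original message: a small classifier that sorts packets captured on the gateway's outside interface into the traffic types the post says must be forwarded (UDP 500, UDP 4500, IP protocol 50). It reports the "negotiation works, data does not" pattern that a broken passthrough or ALG produces. The function names, addresses and sample packets are constructed for illustration, and unfragmented IPv4 is assumed.

```python
import struct
from collections import Counter

def classify(pkt: bytes) -> str:
    """Label one raw, unfragmented IPv4 packet by its role in an IPsec tunnel."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:   # non-first fragment: no L4 header
        return "other"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 50:                                  # native ESP, needs protocol forwarding
        return "esp"
    if proto != 17 or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + 8:]
    if 500 in (sport, dport):
        return "ike"
    if 4500 in (sport, dport):                       # NAT-T framing per RFC 3948
        if payload == b"\xff":
            return "natt-keepalive"
        if len(payload) < 4:
            return "other"
        return "ike-natt" if payload[:4] == b"\x00" * 4 else "esp-in-udp"
    return "other"

def diagnose(packets) -> str:
    seen = Counter(classify(p) for p in packets)
    if not seen["ike"] + seen["ike-natt"]:
        return "no-ike"        # UDP 500/4500 is not reaching the gateway
    if not seen["esp"] + seen["esp-in-udp"]:
        return "ike-only"      # negotiation passes, tunnel data is dropped on the path
    return "ike-and-esp"

# Constructed sample packets (documentation addresses, filler payloads).
def ipv4(proto, payload, src=b"\xc0\x00\x02\x0a", dst=b"\xc6\x33\x64\x14"):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst) + payload

def udp(sport, dport, payload):
    return ipv4(17, struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload)

ESP_BODY = struct.pack("!II", 0xC0FFEE01, 1) + b"\x22" * 16   # SPI, sequence, filler
IKE = udp(500, 500, b"\x11" * 28)
IKE_NATT = udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)
ESP_UDP = udp(4500, 4500, ESP_BODY)
ESP = ipv4(50, ESP_BODY)
KEEPALIVE = udp(4500, 4500, b"\xff")

if __name__ == "__main__":
    print(diagnose([IKE, IKE_NATT, KEEPALIVE]))
```

An "ike-only" result on either gateway while a ping is running across the tunnel points at the router in front of that gateway rather than at the Openswan configuration.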