[Openswan Users] Tunnel up - packets sent thru - but no forwarding to target ! routing issue ?

Gerhard Reuter gerhard.reuter at bayer.com
Fri Nov 21 04:30:13 EST 2014


Hi,

After adding "leftsourceip=54.93.190.54" to my /etc/ipsec.conf, I now have an advanced routing table:

root@ip-172-31-6-249:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         255.255.255.255 UH        0 0          0 lo
0.0.0.0         172.31.0.1      0.0.0.0         UG        0 0          0 eth0
10.161.62.59    0.0.0.0         255.255.255.255 UH        0 0          0 eth0
172.31.0.0      0.0.0.0         255.255.240.0   U         0 0          0 eth0


10.161.62.59 is my client, and this line was added now.

Unfortunately the 2 issues are still there:

000 "RWConn"[2]: 172.31.15.0/24===172.31.6.249<172.31.6.249>[@172.31.6.249,+XS+S=C]:17/1701...212.64.xxx.xxx[@,+MC+XC+S=C]:17/0===10.161.62.59/32; erouted; eroute owner: #2

Ping packets from server 172.31.15.27 are reaching the Openswan (172.31.6.249) but are not sent into the tunnel.
Ping packets from client 10.161.62.59 are tunneled through the Internet VPN to the Openswan (172.31.6.249) but are not forwarded to the server 172.31.15.27.

Openswan and the server are located at AWS. I disabled the "source/dest checking" for the Openswan and the server and applied the following settings on the Openswan:

sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
root@ip-172-31-6-249:~#