[Openswan Users] Tunnel up - packets sent thru - but no forwarding to target ! routing issue ?
Gerhard Reuter
gerhard.reuter at bayer.com
Fri Nov 21 04:30:13 EST 2014
Hi,
after adding "leftsourceip=54.93.190.54" to my /etc/ipsec.conf, I have now an advanced routing table
root at ip-172-31-6-249:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 0.0.0.0 255.255.255.255 UH 0 0 0 lo
0.0.0.0 172.31.0.1 0.0.0.0 UG 0 0 0 eth0
10.161.62.59 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.31.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
10.161.62.59 is my client and this line was added now
Unfortunately the 2 issues are still there:
000 "RWConn"[2]: 172.31.15.0/24===172.31.6.249<172.31.6.249>[@172.31.6.249,+XS+S=C]:17/1701...212.64.xxx.xxx[@,+MC+XC+S=C]:17/0===10.161.62.59/32; erouted; eroute owner: #2
Ping Packets from server 172.31.15.27 are reaching the Openswan (172.31.6.249) but are not sent into the tunnel
Ping Packets from client 10.161.62.59 are tunneled thru the Internet-VPN to the OpenSwan (172.31.6.249) but are not forwarded to the server 172.31.15.27
openswan and the server are located at AWS. I disabled the "source/dest checking" for the OpenSwan and the Server and did the following settings on the OpenSwan:
sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
root at ip-172-31-6-249:~#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20141121/34fd687e/attachment.html>
More information about the Users
mailing list