[Openswan Users] Tunnel is up but private network is unreachable

Mitsue A Murakami mitsue at webcenter.com.br
Tue Jul 21 10:30:54 EDT 2015

Hi guys. Thanks for your replies.

On 21-07-2015 09:50, Damian McHugh wrote:
> I would specify allowed networks as follows:
> virtual_private=%v4:,%v4: (note I've removed
> the ! ).
Unfortunately, it did not work.

On 21-07-2015 10:09, Nick Howitt wrote:
> Isn't virtual_private only used when IPsec is natted and supplying an 
> IP address to something like a roadwarrior?
No. The topology is:

site A (private subnet) -> debian fw -> Internet -> Cisco Router -> site B (private subnet)

Site A private subnet is

Site B private subnet is

> I'd have a look at firewalling, either for an explicit rule for the 
> remote subnet or for a rule for packets with the policy ipsec. I can't 
> remember the details, but I think it is a PREROUTING rule in the nat 
> chain which is needed.
These are the firewall rules:

iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p tcp --dport 4500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT

iptables -t nat -A POSTROUTING -s -d -j SNAT --to  (debian fw public IP)

I forgot to mention that traceroute  shows that traffic is going to the 
Internet, not through the tunnel.
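An added example (not from the poster or the thread) showing the usual fix for this symptom: a POSTROUTING SNAT rule that also rewrites site-to-site traffic, so the packets no longer match the IPsec policy and leave via the default route. The subnets and public IP are constructed placeholders; the script only prints the rules and checks their order, it does not call iptables.

```shell
#!/bin/sh
# Constructed placeholder values, not the poster's real subnets or public IP.
SITE_A_NET="${SITE_A_NET:-192.0.2.0/24}"
SITE_B_NET="${SITE_B_NET:-198.51.100.0/24}"
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"

# Print the nat-table rules in the order they must be installed.
# -A appends, so the exemptions must be added before the SNAT rule;
# otherwise site-A -> site-B packets get SNATed and bypass the tunnel.
nat_rules() {
  # Exempt anything that already has an outbound IPsec policy (xt_policy match).
  printf '%s\n' "iptables -t nat -A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT"
  # Explicit exemption for the site-to-site pair as well.
  printf '%s\n' "iptables -t nat -A POSTROUTING -s $SITE_A_NET -d $SITE_B_NET -j ACCEPT"
  # Everything else leaving site A is SNATed to the firewall's public address.
  printf '%s\n' "iptables -t nat -A POSTROUTING -s $SITE_A_NET -j SNAT --to-source $PUBLIC_IP"
}

# Check a rule listing (file containing the output of
# `iptables -t nat -S POSTROUTING`, or the output of nat_rules above).
# Returns 0 if an ACCEPT exemption precedes the first SNAT rule, 1 otherwise.
check_order() {
  awk '
    /-j ACCEPT/ && !snat { exempt = 1 }
    /-j SNAT/            { snat = 1; if (!exempt) bad = 1 }
    END                  { exit bad ? 1 : 0 }
  ' "$1"
}
```

Run `iptables -t nat -S POSTROUTING > rules.txt; check_order rules.txt` on the firewall to see whether the SNAT rule is ordered ahead of any exemption.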
