[Openswan Users] Tunnel is up but private network is unreachable
Nick Howitt
nick at howitts.co.uk
Tue Jul 21 11:00:21 EDT 2015
I'll check the rules when I'm home later but I don't see why you are
SNATing to a public IP. I'd have thought you'd do "-j ACCEPT" but I
can't remember.
On 2015-07-21 15:30, Mitsue A Murakami wrote:
> Hi guys. Thanks for your replies.
>
>
> On 21-07-2015 09:50, Damian McHugh wrote:
>> I would specify allowed networks as follows:
>>
>> virtual_private=%v4:192.168.13.0/24,%v4:192.168.4.0/24 (note I've removed the ! ).
> Unfortunately, it did not work.
>
> On 21-07-2015 10:09, Nick Howitt wrote:
>> Isn't virtual_private only used when IPsec is natted and supplying an
>> IP address to something like a roadwarrior?
>>
> No. The topology is:
>
> site A (private subnet) -> debian fw -> Internet -> Cisco Router -> site B (private subnet)
>
> Site A private subnet is 192.168.4.0/24
>
> Site B private subnet is 192.168.13.0/24
>
>
>> I'd have a look at firewalling, either for an explicit rule for the
>> remote subnet or for a rule for packets with the policy ipsec. I can't
>> remember the details, but I think it is a PREROUTING rule in the nat
>> chain which is needed.
>>
>>
> These are the firewall rules :
>
> iptables -A INPUT -p udp --dport 500 -j ACCEPT
> iptables -A INPUT -p tcp --dport 4500 -j ACCEPT
> iptables -A INPUT -p udp --dport 4500 -j ACCEPT
>
>
> iptables -t nat -A POSTROUTING -s 192.168.4.0/24 -d 192.168.13.0/24 -j SNAT --to (debian fw public IP)
>
> I forgot to mention that traceroute shows that traffic is going to
> the Internet, not through the tunnel.
>
>
>
> Regards,
>
>
> --
> Mitsue
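The SNAT versus "-j ACCEPT" question raised in this message can be modelled offline. This is an added example, not part of the original thread: it assumes the NETKEY stack, where the IPsec policy is matched against the packet as it looks after nat POSTROUTING, and it uses 203.0.113.1 as a placeholder for the firewall's public IP plus a constructed general SNAT rule for Internet traffic.

```python
import ipaddress as ip

# Constructed iptables-save style rules. 203.0.113.1 is a documentation
# address standing in for the Debian firewall's public IP (assumption).
SNAT_ONLY = [
    "-A POSTROUTING -s 192.168.4.0/24 -d 192.168.13.0/24 -j SNAT --to-source 203.0.113.1",
]
# Constructed alternative: exempt tunnel traffic first, NAT everything else.
WITH_EXEMPTION = [
    "-A POSTROUTING -s 192.168.4.0/24 -d 192.168.13.0/24 -j ACCEPT",
    "-A POSTROUTING -s 192.168.4.0/24 -j SNAT --to-source 203.0.113.1",
]
# Tunnel selector from the thread: site A subnet <-> site B subnet.
SELECTOR = (ip.ip_network("192.168.4.0/24"), ip.ip_network("192.168.13.0/24"))


def parse(rule):
    """Extract -s, -d, -j and --to-source from one POSTROUTING rule."""
    tok = rule.split()
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    return (ip.ip_network(opt.get("-s", "0.0.0.0/0")),
            ip.ip_network(opt.get("-d", "0.0.0.0/0")),
            opt["-j"], opt.get("--to-source"))


def source_after_nat(rules, src, dst):
    """First matching rule wins, as in the nat table; no match leaves src as is."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for net_s, net_d, target, to_src in map(parse, rules):
        if s in net_s and d in net_d:
            return ip.ip_address(to_src) if target == "SNAT" else s
    return s


def enters_tunnel(rules, src, dst):
    """True if the packet still matches the IPsec selector after NAT."""
    return (source_after_nat(rules, src, dst) in SELECTOR[0]
            and ip.ip_address(dst) in SELECTOR[1])


if __name__ == "__main__":
    for name, rules in (("SNAT only", SNAT_ONLY), ("exemption first", WITH_EXEMPTION)):
        print(name, source_after_nat(rules, "192.168.4.10", "192.168.13.20"),
              enters_tunnel(rules, "192.168.4.10", "192.168.13.20"))
```

With the SNAT-only rule the packet leaves with the public source address and no longer matches the 192.168.4.0/24 to 192.168.13.0/24 selector, which is consistent with the traceroute going out to the Internet.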