[Openswan Users] Move to Inbox More 1 of 65 [openswan users] I have some problem about ping from pc1 to pc2 in vpn site2site tunnel mode.thanks

[xue tao]

yeah, every time updated ipsec.conf I will try this two iptables rules. Now
I found this two rules maybe have the same function. Issuing ping from PC1
still only capture reply on ONT1.
So there is two question need to be solved:
1. I capture data on wan interface, each time two esp packet and one icmp
reply packets , Is this correct with plain text icmp packets?
2. To find a way let reply packets forward to PC1. Now my environment only
setup ipsec tunnel.

01:18:48.897899 IP 135.251.199.83 > 135.251.205.188:
ESP(spi=0x1baa58c3,seq=0xb), length 100
01:18:48.899898 IP 135.251.205.188 > 135.251.199.83:
ESP(spi=0xc51ef3c2,seq=0xb), length 100
01:18:48.900199 IP 192.168.5.100 > 192.168.1.101: ICMP echo reply, id 1,
seq 1348, length 40
01:18:53.898650 IP 135.251.199.83 > 135.251.205.188:
ESP(spi=0x1baa58c3,seq=0xc), length 100
01:18:53.900291 IP 135.251.205.188 > 135.251.199.83:
ESP(spi=0xc51ef3c2,seq=0xc), length 100
01:18:53.900534 IP 192.168.5.100 > 192.168.1.101: ICMP echo reply, id 1,
seq 1349, length 40
01:18:58.899278 IP 0.0.0.0 > 0.0.0.0: ESP(spi=0x00000000,seq=0x0), length
100
01:18:58.901227 IP 135.251.205.188 > 135.251.199.83:
ESP(spi=0xc51ef3c2,seq=0xd), length 100
01:18:58.901552 IP 192.168.5.100 > 192.168.1.101: ICMP echo reply, id 1,
seq 1350, length 40
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20160624/83b80c7d/attachment.html>