
ESP disappears through my Debian firewall

Hello, all.
I'm having problems getting my VPN to go through my Linux gateway. The
beginning of my VPN tunnel is inside my local network, and its
destination is outside, on the internet:

 VPN1 (local network)
Linux GW

The problem comes from my Linux GW, which loses my ESP packets.
When an ESP packet comes from VPN1 with destination VPN2, it goes
through my Linux GW. I can see the packet going through iptables. I
see it on the INPUT NAT chain, on the FORWARD filter chain, and it goes
through the last POSTROUTING NAT chain, where it is SNATed to go on the
internet. But I can't see it on my external interface with tcpdump. The
packet seems to disappear between the last POSTROUTING chain and my

When I LOG it on the last POSTROUTING chain, I get the
following LOG message, just before the packet is SNATed:

IN= OUT=eth1 SRC= DST=193.x.x.x LEN=128 TOS=0x00 TTL=254
ID=29906 PROTO=ESP SPI=0xdaabbc8c

where eth1 is my external interface.

On the other side, when an ESP packet comes from VPN2 with destination
my Linux GW, I try to DNAT it to my VPN1. But it's the same thing: I can see it
with tcpdump on my external interface, but I still can't see it in the
first NAT PREROUTING chain. ...

My Linux GW is a Debian with a 2.4.19-grsec kernel.

I really don't know what's happening. Has anybody seen
this problem before? Thanks
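The troubleshooting method in the post (LOG rules on each chain, then checking in which chain the ESP packet with a given SPI was last seen) can be automated. The following is an added example and not part of the original post: a small parser for the netfilter LOG target's syslog line format that pulls out the ESP fields and reports the chains a given SPI passed through. The log lines are constructed for this example (RFC 5737 documentation addresses; the first line reuses the SPI quoted above), and the chain names are assumed to have been set with `--log-prefix`.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of netfilter LOG output as it appears in syslog.
# Each rule was assumed to use --log-prefix "<CHAIN> " so the chain is
# recoverable. Flags without a value (DF, SYN) are stored with "".
SAMPLE_LOG = """\
Mar  1 10:00:01 gw kernel: POSTROUTING IN= OUT=eth1 SRC=192.0.2.10 DST=198.51.100.7 LEN=128 TOS=0x00 PREC=0x00 TTL=254 ID=29906 PROTO=ESP SPI=0xdaabbc8c
Mar  1 10:00:02 gw kernel: POSTROUTING IN= OUT=eth1 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  1 10:00:03 gw kernel: PREROUTING IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.2 LEN=128 TOS=0x00 PREC=0x00 TTL=52 ID=8821 PROTO=ESP SPI=0x1a2b3c4d
"""


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one netfilter LOG line into a dict of KEY=VALUE fields.

    The text between 'kernel:' and the first 'IN=' is the --log-prefix and
    is stored under 'prefix'. Tokens without '=' (DF, SYN, ACK, ...) are
    stored with an empty value. Returns None for lines that are not LOG
    entries.
    """
    idx = line.find("IN=")
    if idx < 0:
        return None
    head = line[:idx]
    prefix = head.split("kernel:", 1)[-1].strip() if "kernel:" in head else head.strip()
    fields: Dict[str, str] = {"prefix": prefix}
    for tok in line[idx:].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        else:
            fields[tok] = ""
    return fields


def esp_flows(log_text: str) -> List[Dict[str, str]]:
    """Summarise every ESP packet in the log: chain, interfaces, endpoints, SPI."""
    flows = []
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if not fields or fields.get("PROTO") != "ESP":
            continue
        flows.append({
            "chain": fields["prefix"],
            "in": fields.get("IN", ""),
            "out": fields.get("OUT", ""),
            "src": fields.get("SRC", ""),
            "dst": fields.get("DST", ""),
            "spi": fields.get("SPI", "").lower(),
        })
    return flows


def chains_seen(log_text: str, spi: str) -> List[str]:
    """Chains in which packets with the given SPI were logged, in order of
    appearance. If the list stops before the chain where the packet was
    expected to leave, that is where to look for the drop."""
    return [f["chain"] for f in esp_flows(log_text) if f["spi"] == spi.lower()]


if __name__ == "__main__":
    for flow in esp_flows(SAMPLE_LOG):
        print(flow)
    print("SPI 0xdaabbc8c seen in:", chains_seen(SAMPLE_LOG, "0xdaabbc8c"))
```

Feeding the real kernel log into `chains_seen` for the SPI in question shows at a glance how far the packet got inside netfilter; comparing that with a `tcpdump -ni eth1 esp` capture on the external interface tells whether the loss is inside the filter/NAT chains or after them.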

