
Openswan & ipmasq on Debian Testing



Hello all

I'm running a Debian testing box, and am trying to use Openswan to connect to some IPSEC VPNs to create network-to-network VPNs.

I have no issues configuring OPENSWAN to connect to the remote end, but the problem that I am having is that the ipmasq firewall rules, I assume, are dropping the traffic.

With some fumbling around I was able to make it so that the host running openswan was reachable via the VPN; I had to edit /etc/ipmasq/rules/I10l.def and add:
    $IPTABLES -A INPUT -j ACCEPT -i ipsec0
    $IPTABLES -A OUTPUT -j ACCEPT -o ipsec0


But now I'm at a loss on how to get the other hosts on the network reachable. I get firewall reject logs in the kernel log, e.g.:
IN=ipsec0 OUT=eth1 SRC=10.10.20.35 DST=10.10.5.6 LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=50190 SEQ=8

10.10.20.0/24 is the remote network; 10.10.5.0/24 is the local network.

Any ideas on how to let this traffic through?
Thanks in advance!
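
Added example, not part of the original post: a small Python triage of the kernel log line quoted above, reporting which filter chain logged the packet and whether the two ipsec0 rules from the post can match it. The function names and the second sample line are constructed for illustration, and the code assumes the logging rule sits in the filter table.

```python
import ipaddress
import re

# Networks exactly as stated in the post.
REMOTE_NET = ipaddress.ip_network("10.10.20.0/24")
LOCAL_NET = ipaddress.ip_network("10.10.5.0/24")

# The reject line from the post with the HTML residue stripped.
POSTED = ("IN=ipsec0 OUT=eth1 SRC=10.10.20.35 DST=10.10.5.6 LEN=84 TOS=0x00 "
          "PREC=0x00 TTL=62 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=50190 SEQ=8")
# Constructed line: the same ping aimed at the gateway itself (address is made up).
CONSTRUCTED = "IN=ipsec0 OUT= SRC=10.10.20.35 DST=10.10.5.1 LEN=84 PROTO=ICMP TYPE=8"

def parse_fields(line):
    """Split KEY=value tokens; keep the first of a repeated key (ID occurs twice)."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)
    return fields

def chain_of(fields):
    """Assumes the LOG rule sits in the filter table, where IN/OUT identify the chain."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"   # routed through the box
    if has_in:
        return "INPUT"     # addressed to the box
    return "OUTPUT" if has_out else "UNKNOWN"

def direction(fields):
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
    except (KeyError, ValueError):
        return "other"
    if src in REMOTE_NET and dst in LOCAL_NET:
        return "remote->local"
    if src in LOCAL_NET and dst in REMOTE_NET:
        return "local->remote"
    return "other"

def triage(line):
    """Return (chain, direction, matched_by_posted_ipsec0_rules)."""
    f = parse_fields(line)
    chain = chain_of(f)
    matched = ((chain == "INPUT" and f.get("IN") == "ipsec0")
               or (chain == "OUTPUT" and f.get("OUT") == "ipsec0"))
    return chain, direction(f), matched
```

A `FORWARD` result means the packet is routed through the gateway and never traverses the INPUT or OUTPUT chains, so rules added only to those two chains cannot match it.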
