I've a strange effect. I have 2 networks connected with IPSEC / Linux 2.6.9:

    neta - gwa - ipsec tunnel - gwb - netb

    neta 192.168.1.0
    gwa  192.168.1.254
    netb 192.168.2.0
    gwb  192.168.2.254

When I open an ssh session from neta to netb it works, and the conntrack entry looks like this on gwb:

    tcp 6 431015 ESTABLISHED src=192.168.2.2 dst=192.168.1.100 sport=33121 dport=22 packets=347 bytes=27765 src=192.168.1.100 dst=192.168.2.2 sport=22 dport=33121 packets=225 bytes=43197 [ASSURED] use=1

But when I try from netb to neta, the entry looks like this on gwb:

    tcp 6 118 SYN_SENT src=192.168.1.100 dst=192.168.2.2 sport=54803 dport=22 packets=1 bytes=60 [UNREPLIED] src=192.168.2.2 dst=192.168.1.1 sport=22 dport=54803 packets=0 bytes=0 use=1

The dst= IP address has the address of the IPsec gateway instead of the correct address. I've no NAT rules for the connection. Is this a known effect?
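An added example, not part of the original post: in a conntrack entry the reply tuple is normally the mirror image of the original tuple, and a mismatch means an address translation mapping was set up for that connection. The script below checks that for every entry; the sample input is the two entries quoted above, and the function names are this example's own.

```python
import re

# Sample input: the two conntrack entries quoted in the post, embedded so this runs offline.
SAMPLE = """\
tcp 6 431015 ESTABLISHED src=192.168.2.2 dst=192.168.1.100 sport=33121 dport=22 packets=347 bytes=27765 src=192.168.1.100 dst=192.168.2.2 sport=22 dport=33121 packets=225 bytes=43197 [ASSURED] use=1
tcp 6 118 SYN_SENT src=192.168.1.100 dst=192.168.2.2 sport=54803 dport=22 packets=1 bytes=60 [UNREPLIED] src=192.168.2.2 dst=192.168.1.1 sport=22 dport=54803 packets=0 bytes=0 use=1
"""

TUPLE_KEYS = ("src", "dst", "sport", "dport")
FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_tuples(line):
    """Return (original, reply) tuples as dicts, or None if the line lacks two full tuples."""
    fields = FIELD.findall(line)
    if len(fields) < 8:
        return None  # port-less protocols (e.g. ICMP) are out of scope for this example
    orig, reply = dict(fields[:4]), dict(fields[4:8])
    if set(orig) != set(TUPLE_KEYS) or set(reply) != set(TUPLE_KEYS):
        return None
    return orig, reply

def nat_rewrites(line):
    """List (field, expected, actual) where the reply tuple is not the mirror of the original."""
    parsed = parse_tuples(line)
    if parsed is None:
        return []
    orig, reply = parsed
    expected = {"src": orig["dst"], "dst": orig["src"],
                "sport": orig["dport"], "dport": orig["sport"]}
    return [(k, expected[k], reply[k]) for k in TUPLE_KEYS if reply[k] != expected[k]]

def scan(text):
    """Map each translated flow (src, sport, dst, dport) to its rewritten reply fields."""
    findings = {}
    for line in text.splitlines():
        diffs = nat_rewrites(line)
        if diffs:
            orig, _ = parse_tuples(line)
            findings[(orig["src"], orig["sport"], orig["dst"], orig["dport"])] = diffs
    return findings

if __name__ == "__main__":
    for flow, diffs in scan(SAMPLE).items():
        for field, want, got in diffs:
            print(f"{flow}: reply {field}={got}, expected {want} (translation applied)")
```

On a gateway the same functions can be fed the contents of /proc/net/ip_conntrack instead of SAMPLE.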