Quoting Petr Titera <P.Titera@xxxxxxxxxx>:[snip]
BUT on FWA:eth1 I see packets from other direction as going from another port than I have connected:[snip]
This is communication as I see it on FWA:eth1 port. Note change from http port to tcpmux port.
09:23:52.171022 IP 192.168.1.200.tcpmux > 192.168.17.200.60424: F 0:0(0) ack 1 win 65535 <nop,nop,timestamp 10752656 3092379283>
Any idea what is wrong?
I just worked through this same problem and posted the solution on the OpenSWAN mailing list. It is a nat problem. Here is my post from the OpenSWAN list:
This is just to get this in the archives as it is solved. (It's a NAT problem.)
I was having trouble with ports being rewritten to port 1. Example:
BoxA --- GwA ====== GwB --- BoxB
GwA running OpenSWAN (openswan-2.1.5-2 Fedora RPM) and GwB a Multitech RoutFinder 550 (MT550VPN).
I would try to ssh from BoxA to BoxB and get this:
15:22:35.859664 IP BoxA.38537 > BoxB.22: S 51958428:51958428(0) win 5840 <mss 1460,sackOK,timestamp 257583923 0,nop,wscale 2> 15:22:35.863491 IP BoxB.22 > BoxA.38537: S 3558425983:3558425983(0) ack 51958429 win 5792 <mss 1336,sackOK,timestamp 12106235 257583923,nop,wscale 2> 15:22:35.863555 IP BoxA.38537 > BoxB.22: . ack 1 win 1460 <nop,nop,timestamp 257583927 12106235> 15:22:35.890997 IP BoxB.1 > BoxA.38537: P 3558425984:3558426007(23) ack 51958429 win 1448 <nop,nop,timestamp 12106262 257583927> 15:22:36.093361 IP BoxB.1 > BoxA.38537: P 0:23(23) ack 1 win 1448 <nop,nop,timestamp 12106465 257583927> 15:22:36.499231 IP BoxB.1 > BoxA.38537: P 0:23(23) ack 1 win 1448 <nop,nop,timestamp 12106871 257583927>
I noticed others were having similar problems:
http://lists.virus.org/users-openswan-0502/msg00239.html
And found the answer through this post:
http://lists.virus.org/users-openswan-0407/msg00002.html
That references this post:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215980
I had to add in the following to solve the port 1 problem:
iptables -A POSTROUTING 1 -p esp -j ACCEPT -t nat
