Hello, all. I'm having problems getting my VPN to go through my Linux gateway. The beginning of my VPN tunnel is inside my local network, and its destination is outside, on the internet:

    VPN1 (local network)
      |
      |
      |
    Linux GW
      |
      |
      |
    ------- internet -------
      |
      |
      |
    VPN2

The problem comes from my Linux GW, which loses my ESP packets. When an ESP packet comes from VPN1 with destination VPN2, it goes through my Linux GW. I can see the packet going through iptables. I see it on the INPUT NAT chain, on the FORWARD filter chain, and it goes through the last POSTROUTING NAT chain, where it is SNATed to go out to the internet. But I can't see it on my external interface with tcpdump. The packet seems to disappear between the last POSTROUTING chain and my interface.

When I LOG it on the last POSTROUTING chain, I get the following LOG message, just before the packet is SNATed:

    IN= OUT=eth1 SRC=10.0.0.2 DST=193.x.x.x LEN=128 TOS=0x00 TTL=254 ID=29906 PROTO=ESP SPI=0xdaabbc8c

where eth1 is my external interface.

On the other side, when an ESP packet comes from VPN2 with my Linux GW as its destination, I try to DNAT it to my VPN1. But it is the same thing: I can see it with tcpdump on my external interface, but I still can't see it in the first NAT PREROUTING chain.

...

My Linux GW is a Debian with a 2.4.19-grsec kernel. I really don't know what's happening. Has anybody already seen this problem?

Tkx

--
Esteban