Hi All,
I'm banging my head against the wall after a couple of days of trying to get this right and trying hard to read docs and get myself sorted out.
I have an ipcop machine that's running a net to net vpn to another ipcop machine and it's running great.
I have an openwrt install on a third network (home) with openswan installed and am trying to configure it to be another net to net vpn.
I've got ipsec.conf configured like the examples and/or like my ipcop machines, with the same result every time:
1. VPN connects, everything appears connected on Ipcop side and on Openwrt side through openswan.
2. From any machine on the IPCOP network (10.4.10.x) I can ping the OpenWrt box's green IP (192.168.4.1), but no other machine on the OpenWrt side's network.
3. From any machine on the openwrt network (192.168.4.x) I CANNOT ping any machine on the 10.4.10.x network.
4. From any machine on the openwrt network (192.168.4.x) I CANNOT ping the IPCOP machine itself (10.4.10.1)
I'm almost positive this has something to do with my iptables setup. I struggle with iptables though. I've tried several settings from this list's postings and the openswan wiki.
I currently have the following (mostly commented out):
#iptables -t nat -A postrouting_rule -o eth0 -s 192.168.4.0/24 ! -d 10.4.10.0/24 -j MASQUERADE  # masquerade everything except traffic for the remote net
iptables -A input_rule -p esp -s 11.111.11.11 -j ACCEPT # allow IPSEC
iptables -A input_rule -p udp -s 11.111.11.11 --dport 500 -j ACCEPT # allow ISAKMP
iptables -A input_rule -p udp -s 11.111.11.11 --dport 4500 -j ACCEPT # allow NAT-T
#iptables -t nat -A postrouting_rule -d 10.4.10.0/24 -j ACCEPT
#iptables -A forwarding_rule -i eth1 -o ipsec0 -j ACCEPT
#iptables -A forwarding_rule -i ipsec0 -o eth1 -j ACCEPT
I've tried to copy the iptables rules that are on the ipcop side and it seems to work from itself to another ipcop machine, but I can't find any iptables settings that relate to the vpn connections.
Can anyone recommend something to try?
Thanks,
Stu