VPN IPSec Openswan

Hi all,

I have installed Openswan and configured IPSec, and it worked perfectly, but for some unknown reason it stopped working. I see that the tunnels are up and established. The routes to the destination are added. By the book, everything seems to be OK. But somehow, when I start to ping the other side (private IP), the packets for that tunnel try to go out from the interface that has the public IP. And for the other tunnel they are not going anywhere. All this is on a Linux machine (CentOS), with eth0 - public IP address; eth0:0 and eth0:1 are private for the tunnels. Can someone help me out here, because I need this thing to work (it's production) and I have lost a whole week.

Thanks in advance!

Can you give us output of

iptables -L 
iptables -t nat -L

Hi,

As I can see now, the packets have started to go through the right interface with the right address, but there is still no reply. The tunnels get established only after a long time. If I run service ipsec restart ... the first thing I get from ipsec auto --up tunnel name or ipsec auto --status is this:

After some time the tunnels status is:

Here is the list of the iptables:

And this is the ping and tracepath results:

If you need to redirect traffic from the VPN tunnel to eth0, then you must use iptables to rewrite the destination address

iptables -A FORWARD -i eth0:1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0:0 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

After that you need to enable IPv4 forwarding

sysctl -w net.ipv4.ip_forward=1

To make it permanent, you need to edit the /etc/sysctl.conf file

On the other side you must enable input traffic

iptables -A INPUT -s <eth0> -j ACCEPT
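
Added example, not part of the original reply: `sysctl -w` only changes the running kernel, so this sketch reads a sysctl.conf-style file to see which `net.ipv4.ip_forward` value will apply at boot and compares it with the runtime value. The function names (`persistent_ip_forward`, `forwarding_state`, `sample_conf`) and the sample file contents are hypothetical, constructed for illustration.

```shell
#!/bin/sh
# Added example: does IPv4 forwarding survive a reboot, and does the
# persistent setting match the running kernel?

# Print the value a sysctl.conf-style file assigns to net.ipv4.ip_forward
# ("unset" if none). Comment lines are skipped; the last assignment wins.
persistent_ip_forward() {
    awk -F= '
        /^[[:space:]]*[#;]/ { next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key)
            gsub(/[[:space:]]/, "", val)
            gsub(/\//, ".", key)      # sysctl also accepts net/ipv4/ip_forward
            if (key == "net.ipv4.ip_forward") result = val
        }
        END { if (result == "") result = "unset"; print result }
    ' "$1"
}

# Compare the persistent value with a runtime value file
# (default: /proc/sys/net/ipv4/ip_forward). Prints one verdict word.
forwarding_state() {
    conf=$1
    runtime_file=${2:-/proc/sys/net/ipv4/ip_forward}
    boot=$(persistent_ip_forward "$conf")
    now=$(cat "$runtime_file" 2>/dev/null || echo unknown)
    case "$now/$boot" in
        1/1) echo persistent ;;
        1/*) echo runtime-only ;;     # set with sysctl -w, lost at reboot
        */1) echo boot-only ;;        # in the file but not applied yet
        *)   echo disabled ;;
    esac
}

# Constructed sample: forwarding enabled, then disabled by a later line.
sample_conf() {
    printf '%s\n' '# constructed sample' \
        'net.ipv4.ip_forward = 1' \
        'kernel.sysrq = 0' \
        'net.ipv4.ip_forward=0'
}

# Demo on the constructed sample (prints "boot value: 0").
tmp=$(mktemp) && sample_conf > "$tmp"
echo "boot value: $(persistent_ip_forward "$tmp")"
rm -f "$tmp"
```

On a real host, `forwarding_state /etc/sysctl.conf` reports `runtime-only` when forwarding was enabled with `sysctl -w` but never written to the file.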

Hey, thanks for the reply,

Sorry, I didn't see that I had mail, I was formatting my PC, etc. ... About the situation: now everything is under control. I see that there is some route on the Windows machines, so now everything is fine and works perfectly ...
Thanks again for helping, and sorry for the delay!