[vpn-help] Asymmetric routing between Shrewsoft 2.1.7 and OpenSwan
Kevin VPN
kvpn at live.com
Tue Sep 13 20:57:31 CDT 2011
On 08/25/2011 03:24 AM, Erich Titl wrote:
>
> However, when I try to send an icmp echo request to the remote network I
> see the packet coming from the configured virtual address, but
> travelling in the clear, not in the tunnel. The reply though is sent
> through the tunnel.
>
...
>
> s:policy-level:auto
> s:policy-list-include:172.29.0.0 / 255.255.0.0
>
Hi Erich,

Based on the source and destination of the plaintext traffic being
private addresses, obviously it's possible to reach from the Shrew
client PC to the remote network in some path other than the tunnel.
Perhaps that path (route) has a lower metric than the VPN route, and is
thus used instead of the tunnel route.

I would suggest connecting to the VPN, then checking your Shrew client's
routing table. Check to see if the route directing traffic to the
172.29.0.0 network through the tunnel interface has a lower metric than
any other route that might apply.

If you're not sure, feel free to post the routing table here and we can
look at it.
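
The routing-table check suggested in the reply above, as an added example that is not part of the original post or of Shrew Soft's code. The table rows, the five-column layout and the tunnel interface address 10.99.0.2 are constructed assumptions; the selection rule also considers prefix length, which goes slightly beyond the metric comparison described in the message.

```python
import ipaddress

# Constructed sample table (not from the thread):
# destination, netmask, gateway, interface, metric
SAMPLE_ROUTES = """\
0.0.0.0      0.0.0.0        192.168.1.1  192.168.1.50  20
172.29.0.0   255.255.0.0    192.168.1.1  192.168.1.50  10
172.29.0.0   255.255.0.0    10.99.0.1    10.99.0.2     30
192.168.1.0  255.255.255.0  0.0.0.0      192.168.1.50  20
"""
TUNNEL_IFACE = "10.99.0.2"  # assumed address of the VPN virtual adapter


def parse_routes(text):
    """Parse whitespace-separated route rows; skip anything malformed."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append({"net": net, "gateway": gateway,
                           "iface": iface, "metric": int(metric)})
        except ValueError:
            continue  # header line or unparsable row
    return routes


def select_route(routes, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def check_tunnel(routes, dst, tunnel_iface):
    """Return (ok, chosen); ok is False when dst would bypass the tunnel."""
    chosen = select_route(routes, dst)
    return (chosen is not None and chosen["iface"] == tunnel_iface), chosen


if __name__ == "__main__":
    ok, chosen = check_tunnel(parse_routes(SAMPLE_ROUTES), "172.29.5.10", TUNNEL_IFACE)
    print("via tunnel" if ok else "BYPASSES TUNNEL", chosen)
```

With the constructed table, traffic to 172.29.5.10 leaves through the LAN interface because that route has metric 10 against the tunnel route's 30, which matches the symptom of the echo request travelling in the clear.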