Hello.

I have two servers at two different sites. Each have 2 NICs and are using an iptables firewall. I also set up FreeSWAN on both machine for a VPN between the two. The VPN starts successfully. I am using NAT for my machines behind the firewall to get to the Internet. All my machines behind the firewall can connect through the VPN successfully. But, the Linux machine acting as the firewall/VPN gateway wont route traffic through the VPN if I need to connect to the machines sitting behind the firewall at the other network.

Example:

If I'm at LAN 172.16.1.0/24, I can ping the other LAN at 192.168.1.0/24.

If I try to ping 192.168.1.0/24 from the firewall/VPN gatway itself, I get 100% packet loss.

Any ideas why??

Yeah you need to open 50, 51 and 500 port on your firewall.
I'm using the same as u and it's working fine for me.

rc.firewall
----part for frees/wan

# allow IPsec
iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT

iptables -A INPUT -p 50 -j ACCEPT
iptables -A OUTPUT -p 50 -j ACCEPT

iptables -A INPUT -p 51 -j ACCEPT
iptables -A OUTPUT -p 51 -j ACCEPT

-----end-----

regrads, pchammer

I did that. I even tried flushing all rules, and I still cant ping one gateway from another.

Ok just one more thing, you can not ping from gateway machine you need to be on pc behind the gateway and firewall. Pinging between gateway does not work.

regards, pchammer

Why not?

I don't know why but i think it's writen in the how to of frees/wan, and i have tryed it and it does not work, but if work fine from pc behind the vpn gateway.

regards, PcKammer