strange problem using vpn between freeswan and racoon

From: Marc Willmann (marc_hl_at_gmx.de)
Date: 01/30/04
Date: Fri, 30 Jan 2004 22:28:16 +0100

Hi there,

I'm working on a vpn between a Mac OS X roadwarrior and a frees/wan gateway
on a linux box. The connection using x509 certificates already works, but I
run into a strange problem and I'm hoping anybody could help me out:

Okay, here we go. The topology is the said Mac OS X road-warrior, which uses
a dialup connection with a dynamic IP; the authentication is done by racoon.
The VPN gateway has a public IP address, and behind it there is a network
with the private addresses 192.168.1.0/24.

The roadwarrior already connects to the server and the authentication works
fine. I can ping every host in the 192.168.1.0/24 network from the
roadwarrior. But - and here it gets strange - I cannot use any other services
like http or ssh to these hosts?!

I played a little with the packet size and tried to send large
ICMP echo requests - up to 5000 bytes they work fine, so I don't expect any
problems here.

As I can see when running tcpdump on the ipsec0 device on the VPN gateway, the pings and
other requests (http, ssh, ...) come right through the tunnel. When I ping
from a host behind the gateway to the dynamic IP of the roadwarrior, it also
goes through the IPsec tunnel.

Does anybody have a clue why services other than ICMP do not work? Thank
you in advance for any hint.

Greets

Marc