The Subnet between inner-router and firewall has the range 192.168.51.0/24.
...
Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 195.90.31.254 0.0.0.0 UG 40 0 0 eth0 193.159.64.92 190.91.41.254 255.255.255.255 UGH 40 0 0 ipsec0 190.91.41.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0 190.91.41.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0
I can't find a route to the "inner router" in the subnet 192.168.51.0/24 given above. Can you ping the hosts in 192.168.0.0/16 from the firewall? If not, then it won't possible through the VPN.
up-client:) # connection to my client subnet coming up # If you are doing a custom version, firewall commands go here. iptables -I FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT iptables -I FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT Did you configure the left/right-protoports in ipsec.conf? Maybe you can post your ipsec.conf.
`iptables -L -nv` shows the packet counter of the rules. You can check, if the rules are hit. tcpdump is always a big help to see, if packets leave or arrive at your firewall. Bernhard