[Openswan Users] Can't ping

Deepak Naidu deepak_nai at yahoo.com
Mon Jun 6 16:58:05 CEST 2005


If you get the message below, check the secure and message
logs for errors; they may be jitty errors, easy.

010 "mrc-to-hope" #16: STATE_QUICK_I1: retransmission; will wait 20s

Try stopping the ipsec service for some time in both
places, then initiate the connection from one side, then the
other.

Regarding ping, try to ping from the LOCAL LAN
interface, i.e.

Assume eth0 as LOCAL LAN -- WITH LOCAL IP
Assume eth1 as EXTERNAL INTERFACE -- WITH PUBLIC IP

#ping -I eth0 192.168.10.1
#ping -I eth0 192.168.2.1

Because ping takes your eth1 (PUBLIC IP) for ping, and then
the other net knows you as the 192.168.1.0 network or
192.168.2.0 network respectively.

If this is not the issue, then sorry for
misleading...

Regards,
Deepak Naidu.


--- simprix <simprix at simprix.net> wrote:

> I am trying to set up a net-to-net connection. It
> worked under Linux 2.4
> with Openswan 1.0.7. I am using Gentoo.
> 
> Configs------
> 
> MRC
> 
> ipsec.conf
> 
> 
> version 2.0     # conforms to second version of ipsec.conf specification
> 
> # basic configuration
> config setup
> 
> #Disable Opportunistic Encryption
> include /etc/ipsec/ipsec.d/examples/no_oe.conf
> include /etc/ipsec/mrc-to-hope.conf
> 
> mrc-to-hope.conf
> 
> conn mrc-to-hope
>         left=134.215.193.94
>         leftsubnet=192.168.10.0/24
>         leftid=@gw001.cdsoc.org
>         leftrsasigkey=.....
>         leftnexthop=%defaultroute
>         right=134.215.193.86
>         rightsubnet=192.168.2.0/24
>         rightid=@gw003.cdsoc.org
>         rightrsasigkey=...
>         rightnexthop=%defaultroute
>         authby=rsasig
>         auto=start
> 
> 
> HOPE
> 
> ipsec.conf
> 
> version 2.0     # conforms to second version of ipsec.conf specification
> 
> # basic configuration
> config setup
>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>         # klipsdebug=none
>         # plutodebug="control parsing"
> 
> 
> #Disable Opportunistic Encryption
> include /etc/ipsec/ipsec.d/examples/no_oe.conf
> include /etc/ipsec/hope-to-mrc.conf
> 
> 
> conn hope-to-mrc
>         left=134.215.193.86
>         leftsubnet=192.168.2.0/24
>         leftid=@gw003.cdsoc.org
>         leftrsasigkey=....
>         leftnexthop=%defaultroute
>         right=134.215.193.94
>         rightsubnet=192.168.1.0/24
>         rightid=@gw001.cdsoc.org
>         rightrsasigkey=....
>         rightnexthop=%defaultroute
>         authby=rsasig
>         auto=start
> 
> Here is the no-oe.conf file
> 
> conn block
>     auto=ignore
> 
> conn private
>     auto=ignore
> 
> conn private-or-clear
>     auto=ignore
> 
> conn clear-or-private
>     auto=ignore
> 
> conn clear
>     auto=ignore
> 
> conn packetdefault
>     auto=ignore
> 
> 
> 
> When I try to establish the connection with ipsec
> auto --up mrc-to-hope
> I get this:
> 
> 104 "mrc-to-hope" #15: STATE_MAIN_I1: initiate
> 106 "mrc-to-hope" #15: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "mrc-to-hope" #15: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "mrc-to-hope" #15: STATE_MAIN_I4: ISAKMP SA established
> 112 "mrc-to-hope" #16: STATE_QUICK_I1: initiate
> 010 "mrc-to-hope" #16: STATE_QUICK_I1: retransmission; will wait 20s for response
> 
> 
> Links to ipsec barf for sites
> 
> MRC
> 
> http://pastebin.ca/13540
> 
> HOPE
> 
> http://pastebin.ca/13542
> 
> 
> 
> Again, Thanks for the help
> 
> 



Linux your Life, Don't Window it [[]] 

               { All for the best }
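
An added example, not part of the original post or of Openswan: a Python sketch of the point in the reply above, that a ping sourced from the gateway's public address falls outside the subnet-to-subnet policy while one sourced from a LAN address falls inside it. It goes one step further and compares the subnets the two quoted conn sections declare, since both ends have to agree on them for Quick Mode to complete. The function names and the LAN source address 192.168.10.1 are assumptions; the conn values are copied from the quoted configs with the elided keys left out.

```python
import ipaddress

# Constructed from the two conn sections quoted in the thread.
MRC = """conn mrc-to-hope
        left=134.215.193.94
        leftsubnet=192.168.10.0/24
        right=134.215.193.86
        rightsubnet=192.168.2.0/24
"""
HOPE = """conn hope-to-mrc
        left=134.215.193.86
        leftsubnet=192.168.2.0/24
        right=134.215.193.94
        rightsubnet=192.168.1.0/24
"""

def parse_conn(text):
    """Return the key=value pairs of a single conn section as a dict."""
    conn = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if "=" in line:
            key, value = line.split("=", 1)
            conn[key.strip()] = value.strip()
    return conn

def selectors(conn):
    """Map each gateway address to the subnet it is declared to protect."""
    return {conn[side]: ipaddress.ip_network(conn[side + "subnet"])
            for side in ("left", "right")}

def in_tunnel(conn, src, dst):
    """True if a src->dst packet matches the subnet-to-subnet policy."""
    nets = list(selectors(conn).values())
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Check both directions: left subnet -> right subnet and the reverse.
    return any(s in a and d in b for a, b in (nets, nets[::-1]))

def selector_mismatches(a, b):
    """Gateways whose protected subnet differs between the two ends."""
    sa, sb = selectors(a), selectors(b)
    return {gw: (sa[gw], sb.get(gw)) for gw in sa if sa[gw] != sb.get(gw)}

if __name__ == "__main__":
    mrc, hope = parse_conn(MRC), parse_conn(HOPE)
    print(in_tunnel(mrc, "134.215.193.94", "192.168.2.1"))  # public source
    print(in_tunnel(mrc, "192.168.10.1", "192.168.2.1"))    # assumed LAN source
    print(selector_mismatches(mrc, hope))
```
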





	
	
		