<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR><!--[if !mso]>
<STYLE>v\:* {
BEHAVIOR: url(#default#VML)
}
o\:* {
BEHAVIOR: url(#default#VML)
}
w\:* {
BEHAVIOR: url(#default#VML)
}
.shape {
BEHAVIOR: url(#default#VML)
}
</STYLE>
<![endif]-->
<STYLE>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
pre
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EstiloCorreioElectrnico18
{mso-style-type:personal;
font-family:Arial;
color:windowtext;}
span.EstiloCorreioElectrnico19
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.Section1
{page:Section1;}
-->
</STYLE>
</HEAD>
<BODY lang=PT vLink=purple link=blue bgColor=#ffffff>
<DIV><FONT face=Verdana size=2>I'm running openswan 1.0.7. I had the same
problem. I was told to lower the MTU. I did set the MTU of ipsec0 to
1400 with overridemtu=1400 on the config section. I think overridemtu
doesn't work on openswan 2.x. But you can try to lower the MTU on the eth
interface.</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=luis.rodrigues@netgraf.com
href="mailto:luis.rodrigues@netgraf.com">Luis Rodrigues</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=users@openswan.org
href="mailto:users@openswan.org">users@openswan.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, October 04, 2004 4:59
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> RE: [Openswan Users] Can ping,
but can't do anything else</DIV>
<DIV><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">OK, at least I’m not the only one
with this problem. I’ve found this in the mailing
list:<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">It’s from P,
</SPAN></FONT>ipsec at dogclan.com .<o:p></o:p></P>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt">Anyone with an answer?</SPAN></FONT><FONT face=Arial
color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">The tunnels come up and I can ping across the vpn with no problem. I <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">can ping from a client machine to another client, ect. But that's it. <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">I can do anthing else. Cant access shares, can't connect via remote <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">desktop, can't connect to another remote admin program I've installed <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">for testing, can't connect to a mail server that's on the other side of <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">the vpn. It seems the only thing I can do is ping. I'm not getting any <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">firewall hits if I watch /var/log/messages while trying to use any of <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">the previously mentions apps so I'm sure it's not firewall stopping it. <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">I've tried running the app from subnet 1 and run tcpdump on eth1 on <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">gateway 2 and I see the packets going across that interface. At this <o:p></o:p></SPAN></FONT></I></PRE><PRE><I><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt; FONT-STYLE: italic">point I'm pretty stumped.<o:p></o:p></SPAN></FONT></I></PRE>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt">Anyone with an answer?</SPAN></FONT><FONT face=Arial
color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<DIV>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><FONT
face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">
<HR tabIndex=-1 align=center width="100%" SIZE=2>
</SPAN></FONT></DIV>
<P class=MsoNormal><B><FONT face=Tahoma size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">De:</SPAN></FONT></B><FONT
face=Tahoma size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">
users-bounces@openswan.org [mailto:users-bounces@openswan.org] <B><SPAN
style="FONT-WEIGHT: bold">Em nome de </SPAN></B>Luis Rodrigues<BR><B><SPAN
style="FONT-WEIGHT: bold">Enviada:</SPAN></B> segunda-feira, 4 de Outubro de
2004 16:26<BR><B><SPAN style="FONT-WEIGHT: bold">Para:</SPAN></B>
users@openswan.org<BR><B><SPAN style="FONT-WEIGHT: bold">Assunto:</SPAN></B>
[Openswan Users] Can ping, but can't do anything
else</SPAN></FONT><o:p></o:p></P></DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoPlainText><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt">I’ve sent this mail to the list, but no one reply’ed
it. Can anyone help me?<o:p></o:p></SPAN></FONT></P>
<P class=MsoPlainText><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt">I’ve been working on this for weeks now, and i’m
getting desperate!<o:p></o:p></SPAN></FONT></P>
<P class=MsoPlainText><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoPlainText><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoPlainText><I><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></P>
<P class=MsoPlainText><I><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic">I've found something quite strange
with tcpdump.<o:p></o:p></SPAN></FONT></I></P>
<P class=MsoPlainText><I><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></P>
<P class=MsoPlainText><I><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic">using tcpdump in the eth0, the one
that connects to the router, i found out that when i ping the remote
host, i can see the (at lesat i think it is) ESP packets going, but the reply
packets come in the clear, marked with icmp
reply.<o:p></o:p></SPAN></FONT></I></P>
<P class=MsoPlainText><I><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></P>
<P class=MsoPlainText><I><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic">Is this
normal?<o:p></o:p></SPAN></FONT></I></P>
<P class=MsoPlainText><I><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></P>
<P class=MsoPlainText><I><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-STYLE: italic">The strange thing is that icmp
works no matter what routing setup i test, but nothing else works. I really
need to use windows machines, and i have a big problem on my
hands.....<o:p></o:p></SPAN></FONT></I></P>
<P class=MsoPlainText><I><FONT face="Courier New" color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></P>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Users mailing
list<BR>Users@openswan.org<BR>http://lists.openswan.org/mailman/listinfo/users<BR></BLOCKQUOTE></BODY></HTML>