<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hi,</span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>With Fedora Core 1 and 2, these firewall
rules allowed my VPN it to work properly (although it is not a road warrior
configuration):</span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>/sbin/iptables -t nat -I
POSTROUTING -o eth0 -p esp -j ACCEPT</span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>/sbin/iptables -t nat -I
POSTROUTING -o eth0 -p ah -j ACCEPT</span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>With Fedora Core 3, I can no longer get any
connections working and I get this error (my advice is to stay away from Core
3):</span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>112 "voco" #51:
STATE_QUICK_I1: initiate<br>
003 "voco" #51: ERROR: netlink response for Add SA comp.630b@82.161.X.XX
included errno 22: Invalid argument</span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I hope this helps.</span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Regards,</span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Richard</span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
</div>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <b><span style='font-weight:bold'>On Behalf
Of </span></b>Vemcontact<br>
<b><span style='font-weight:bold'>Sent:</span></b> </span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Monday,
November 15, 2004</span></font><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'> </span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>5:01 PM</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>
<b><span style='font-weight:bold'>To:</span></b> users@openswan.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> [Openswan Users]
OpenS/WAN (dynamic IP) <-> FreeS/WAN</span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><br>
We have also been experiencing what we believe is the problem reported by Itai
Tavor on the list. An Openswan roadwarrior configuration under Fedora
Core 1 and early Fedora Core 2 kernels connected properly to an Astaro
(Frees/wan-based) IPSEC gateway, but under later Fedora Core 2 kernels and
Fedora Core 3, the connection no longer works. The ISAKAMP SA is
established, but it is impossible to ping or otherwise contact the remote
gateway.<br>
<br>
Like Itai, we have spent a great deal of time debugging this issue using
various Openswan-packaged RPMs, Fedora Project-packaged RPMs, Strongswan, and
Openswan built from CVS -- all to no avail. Does anyone have a
functioning roadwarrior setup under Fedora Core 3? If so, could you post
your ipsec.conf and updown scripts, and any other info needed to get the
connection working? </span></font></p>
</div>
</body>
</html>