<div>Did you turn ip_forward on? </div>
<div>ip_forward should be 1 instead of 0 on the openswan host.</div>
<div> </div>
<div><br><br> </div>
<div><span class="gmail_quote">On 10/19/05, <b class="gmail_sendername">Lelio Parisi</b> <<a href="mailto:piccololean@yahoo.it">piccololean@yahoo.it</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">I've succesfully installed openswan with klips (thanks<br>to Paul Wouters and David Coulson). Now I have the
<br>ipsecx interfaces without the segmentation fault.<br>As I said some days ago, I've a pix on a site and<br>openswan on the other. The subnet behind pix is<br>10.0.0.x and the subnet behind openswan is 192.168.0.x<br>The SA is established well but the pc
192.168.0.x<br>doesn't ping the 10.0.0.x<br>I think that the access-list on pix is right because I<br>can ping the 10.0.0.x if I use windows client.<br>Here's my conf (as David asks before)<br><br>version 2.0<br><br>config setup
<br> interfaces="ipsec0=ppp0"<br> klipsdebug=none<br> #plutodebug=none<br> #plutoload=%search<br> #plutostart=%search<br> uniqueids=yes<br> nat_traversal=yes<br><br>conn %default
<br> keyingtries=0<br> disablearrivalcheck=no<br> authby=secret<br><br>conn pix<br> #type = tunnel<br> left=xxx.xxx.xxx.xxx<br> leftsubnet=<a href="http://192.168.0.0/24"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.0.0/24
</a><br> leftprotoport=17/0<br> #leftnexthop=%defaultroute<br> right=yyy.yyy.yyy.yyy<br> rightsubnet=<a href="http://10.0.0.0/24"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "10.0.0.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 10.0.0.0/24</a><br> rightid=<a href="http://172.17.32.13"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "172.17.32.13" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 172.17.32.13
</a><br> rightprotoport=17/0<br> authby=secret<br> #esp=3des-md5-hmac<br> #keyexchange = ike<br> pfs=no<br> auto=add<br><br><br><br><br>___________________________________<br>Yahoo! Messenger: chiamate gratuite in tutto il mondo
<br><a href="http://it.messenger.yahoo.com">http://it.messenger.yahoo.com</a><br>_______________________________________________<br>Users mailing list<br><a href="mailto:Users@openswan.org">Users@openswan.org</a><br><a href="http://lists.openswan.org/mailman/listinfo/users">
http://lists.openswan.org/mailman/listinfo/users</a><br></blockquote></div><br>