<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Hello guys,<br>
<br>
I am a newbie with Openswan, and a support service asked me to create a
VPN connection with them using only public IP addresses.<br>
<br>
So I have been trying for several days to establish the following connection
(in a simulated network environment):<br>
<br>
left subnet ----------------->left VPN gw
---------------------------------> right VPN gw
------------------> right subnet<br>
88.xxx.yyy.abc/32 --------->88.xxx.yyy.rst
-------------------------------> 85.ttt.www.npq
------------------> 85.ttt.www.def/32<br>
<br>
where<br>
<br>
88.xxx.yyy is the same subnet for the VPN gw and the left subnet, and the same
goes for 85.ttt.www.<br>
<br>
The left and right subnets have 88.xxx.yyy.rst and 85.ttt.ww.npq as their
own network gateways, respectively.<br>
<br>
Both VPN gateways, in the simulated network environment, have Openswan
2.49 on Linux kernel 2.6.24-19 and Shorewall 4.0.6 as firewall.<br>
The two subnet hosts have Linux kernel 2.6.24-19 and Shorewall 4.0.6 as
firewall.<br>
<br>
I can establish the VPN connection between the gateways, as shown by the
message:<br>
<br>
ipsec auto --status<br>
....<br>
root@rightvpngw:~# #428: "VpnTest":500 STATE_QUICK_R2 (IPsec SA
established); EVENT_SA_REPLACE in 1256s; newest IPSEC; eroute owner<br>
000 #428: "VpnTest" esp.ee70e6eb@85.ttt.www.npq
esp.b66eb69d@88.xxx.yyy.rst tun.0@85.ttt.www.npq tun.0@88.xxx.yyy.rst<br>
000 #426: "VpnTest":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA
established); EVENT_SA_REPLACE in 826s; newest ISAKMP; lastdpd=-1s(seq
in:0 out:0)<br>
root@rightvpngw:~# 000 #428: "VpnTest" esp.ee70e6eb@85.ttt.www.npq
esp.b66eb69d@88.xxx.yyy.rst tun.0@85.ttt.www.npq tun.0@88.xxx.yyy.rst<br>
<br>
But it seems I cannot reach the two hosts in the subnets.<br>
<br>
I checked the firewall and I found no reject or drop messages, so I think
it is a routing problem.<br>
<br>
Can anyone help me ASAP?<br>
<br>
Thanks in advance and Regards.<br>
<div class="moz-signature"><br>
<br>
-- <br>
<font face="Arial,Sans Serif,Verdana" size="-1">_________________________________________________
<br>
<b><i>Gianni Socionovo</i></b>
<br>
</font></div>
</body>
</html>