To add to the previous quandary, correct me if I'm wrong. After the SA tunnel is established, shouldn't traffic I send via a browser on a server be seen through port 500 or 4500? As of right now, all traffic is still heading through 80, at least when I run the following commands:<div>
<br></div><div><div>tcpdump -i eth0 -n -p port 80</div></div><div><div>tcpdump -i eth0 -n -p udp port 500 or udp port 4500</div></div><div><br></div><div>Which makes me think of two things:<div>1) How do I actually force traffic to go through those ports (as I then have been testing wrong all this time)?</div>
<div>2) What's wrong with my Openswan connection that's causing traffic not to go through?</div><div><br></div><div>-James<br><br><div class="gmail_quote">On Fri, Sep 23, 2011 at 11:27 AM, James Nelson <span dir="ltr">&lt;<a href="mailto:james.nelson.ii@gmail.com">james.nelson.ii@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">I promise, once this gets up, there will be celebrations with rainbows and puppies and kittens and cocktails. Okay, so it'll probably be just cocktails. <div>
<br></div><div>Same setup as my previous posts, with an Amazon EC2 to Client connection. When I establish the conn, here is my response:</div>
<div><br></div><div><div>104 "ec2check" #6: STATE_MAIN_I1: initiate</div><div>106 "ec2check" #6: STATE_MAIN_I2: sent MI2, expecting MR2</div><div>108 "ec2check" #6: STATE_MAIN_I3: sent MI3, expecting MR3</div>
<div>004 "ec2check" #6: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}</div><div>117 "ec2check" #7: STATE_QUICK_I1: initiate</div>
<div>003 "ec2check" #7: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=a4bbfe57</div><div>004 "ec2check" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0xbcd53ec2 <0x6981795a xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}</div>
<div><br></div><div>In the .conf, nat_traversal=yes & forceencaps=yes. Using Amazon with Openswan, shouldn't I be expecting NATD to say something other than none? Don't my packets need to be NATed when using an Elastic IP with EC2? I believe that the client firewall is expecting NATed traffic to hit their firewall, which might be why nothing is getting through. Or if this is correct, what should I be expecting? </div>
<div><br></div><font color="#888888">-- James <br>
</font></div><div><br></div><div>PS Is there a donation page somewhere? </div></blockquote></div>
</div></div>