<html><head></head><body bgcolor="#FFFFFF"><div>Disabled<br><br><br></div><div><br>On Aug 15, 2012, at 10:50 PM, Muhammad El-Sergani <<a href="mailto:msergani@gmail.com">msergani@gmail.com</a>> wrote:<br><br></div><div>
</div><blockquote type="cite"><div><p>SELinux?</p>
<p>Sent from my Galaxy Tab<br>
</p>
<div class="gmail_quote">On Aug 16, 2012 4:18 AM, "Luis Nagaki" <<a href="mailto:luis.nagaki@gmail.com">luis.nagaki@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
and I'm on<br>
<br>
openswan-2.6.37-3.fc17.x86_64<br>
<br>
fedora server and centos client<br>
<br>
On Wed, Aug 15, 2012 at 10:08 PM, Luis Nagaki <<a href="mailto:luis.nagaki@gmail.com">luis.nagaki@gmail.com</a>> wrote:<br>
> Sorry! I thought I added a link to the files.<br>
><br>
> Here's the conf file on the Server:<br>
><br>
> conn client_03<br>
> left=%any<br>
> leftsubnet=<a href="http://10.0.3.1/27" target="_blank">10.0.3.1/27</a><br>
> leftid=@client_03<br>
> leftsourceip=10.0.3.25<br>
> leftrsasigkey=0sAQP5m6IY...<br>
> leftnexthop=%defaultroute<br>
> right=PUBLIC IP<br>
> rightsubnet=<a href="http://10.0.1.64/28" target="_blank">10.0.1.64/28</a><br>
> rightid=@server<br>
> rightsourceip=10.0.1.69<br>
> rightrsasigkey=0sAQPRU...<br>
> rightnexthop=PUBLIC IP GATEWAY<br>
> rekey=yes<br>
> dpddelay=15<br>
> dpdtimeout=30<br>
> dpdaction=restart_by_peer<br>
> auto=start<br>
><br>
><br>
> conn server<br>
> left=%defaultroute<br>
> leftsubnet=<a href="http://10.0.3.1/27" target="_blank">10.0.3.1/27</a><br>
> leftid=@client_03<br>
> leftsourceip=10.0.3.25<br>
> leftrsasigkey=0sAQP5m...<br>
> leftnexthop=%defaultroute<br>
> right=PUBLIC IP OF SERVER<br>
> rightsubnet=<a href="http://10.1.0.64/28" target="_blank">10.1.0.64/28</a><br>
> rightid=@server<br>
> rightsourceip=10.1.0.69<br>
> rightrsasigkey=0sAQPRU...<br>
> rightnexthop=PUBLIC IP GATEWAY<br>
> rekey=yes<br>
> dpddelay=15<br>
> dpdtimeout=30<br>
> dpdaction=restart_by_peer<br>
> auto=start<br>
><br>
><br>
><br>
> config setup for server<br>
><br>
> config setup<br>
> # Debug-logging controls: "none" for (almost) none, "all" for lots.<br>
> # klipsdebug=none<br>
> # plutodebug="control parsing"<br>
> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br>
> #plutostderrlog=/var/log/ipsec<br>
> protostack=netkey<br>
> listen=PUBLIC IP<br>
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:10.0.3.1/27,%v4:10.1.0.64/28,%v6:fd00::/8,%v6:fe80::/10<br>
> nat_traversal=yes<br>
> #virtual_private=<br>
> oe=off<br>
> # Enable this if you see "failed to find any available worker"<br>
> # nhelpers=0<br>
><br>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/"<br>
> include /etc/ipsec.d/*.conf<br>
><br>
><br>
> config setup on client<br>
><br>
> config setup<br>
> # Debug-logging controls: "none" for (almost) none, "all" for lots.<br>
> #klipsdebug=all<br>
> #plutodebug="control parsing"<br>
> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br>
> plutostderrlog=/var/log/ipsec<br>
> protostack=netkey<br>
> nat_traversal=yes<br>
> #virtual_private=<br>
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:10.1.0.64/28,%v4:10.0.3.1/27,%v6:fd00::/8,%v6:fe80::/10<br>
> oe=off<br>
> # Enable this if you see "failed to find any available worker"<br>
> # nhelpers=0<br>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/"<br>
> and uncomment this.<br>
> include /etc/ipsec.d/*.conf<br>
><br>
> Now the tunnel is up. I can confirm.<br>
><br>
> Please note that on the Server I have VRRP / HA on both the internal<br>
> NIC and the external NIC as well.<br>
><br>
> so Internal VIP ----Server ---- External VIP ---------Cloud /<br>
> Internet--------External IP of Router ---- Internal IP(DHCP)<br>
> ----Client----Internal Static IP from Right / Client side needs to<br>
> reach..<br>
><br>
> Routes are in place, etc.<br>
><br>
> Hope that helps!<br>
><br>
><br>
><br>
> On Wed, Aug 15, 2012 at 9:52 PM, Muhammad El-Sergani <<a href="mailto:msergani@gmail.com">msergani@gmail.com</a>> wrote:<br>
>> Hello Luis,<br>
>><br>
>> I think you need to describe your network and provide your configuration<br>
>> files with some IPs, for someone to be able to help.<br>
>><br>
>> Sent from my Galaxy Tab<br>
>><br>
>> On Aug 16, 2012 3:13 AM, "Luis Nagaki" <<a href="mailto:luis.nagaki@gmail.com">luis.nagaki@gmail.com</a>> wrote:<br>
>>><br>
>>> Guys,<br>
>>><br>
>>> So weird: using Fedora 17 with the latest openswan that comes with it,<br>
>>> I am able to get a connection going. The tunnel is confirmed up,<br>
>>> and I can see in tcpdump the ping and anything else going through. BUT<br>
>>> nothing happens. ping or ssh won't work. iptables has been stopped, so no<br>
>>> firewalls.<br>
>>> _______________________________________________<br>
>>> <a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
>>> <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
>>> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
>>> Building and Integrating Virtual Private Networks with Openswan:<br>
>>> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
</blockquote></div>
</div></blockquote></body></html>
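Editor's note on the thread above. A tunnel that negotiates but carries no traffic is very often a policy mismatch between the two hosts' conn definitions, and the quoted configs have to be compared by eye. The script below is an added example, written for this page; it is not code from the thread's posters or from the Openswan project. It uses only the Python 3 standard library. The two conn snippets are copied from the quoted blocks (the PUBLIC IP placeholders are left as the poster wrote them); the virtual_private value is a constructed sample modelled on the client's line with one comma deliberately dropped, to show what a syntax check catches.

```python
"""Cross-check two Openswan peers' conn definitions and a virtual_private list.

Added example for the thread above; not Openswan code and not the posters'.
It reads ipsec.conf-style snippets, compares the same conn as written on
each host, and reports the inconsistencies a reader would otherwise have to
spot by eye. Only the standard library (ipaddress, re) is used.
"""
import ipaddress
import re

# Constructed from the two conn blocks quoted in the thread (server-side
# "conn client_03" and client-side "conn server"), trimmed to the fields
# that matter for the cross-check.
SERVER_CONN = """
conn client_03
    leftsubnet=10.0.3.1/27
    leftid=@client_03
    leftsourceip=10.0.3.25
    rightsubnet=10.0.1.64/28
    rightid=@server
    rightsourceip=10.0.1.69
"""

CLIENT_CONN = """
conn server
    leftsubnet=10.0.3.1/27
    leftid=@client_03
    leftsourceip=10.0.3.25
    rightsubnet=10.1.0.64/28
    rightid=@server
    rightsourceip=10.1.0.69
"""

# Constructed virtual_private value modelled on the client's line, with one
# comma deliberately dropped between the last %v4 and the first %v6 entry.
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,"
                   "%v4:10.1.0.64/28,%v4:10.0.3.1/27%v6:fd00::/8,%v6:fe80::/10")

VP_ITEM = re.compile(r"^%v[46]:(!?)(.+)$")   # %v4:net or %v6:net, optional ! exclusion


def parse_conn(text):
    """Return {key: value} for a single conn section of an ipsec.conf snippet."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("conn "):
            continue
        key, _, value = line.partition("=")
        params[key.strip()] = value.strip()
    return params


def check_peer(name, params):
    """Sanity-check one host's view: subnets are networks, sourceips lie inside."""
    problems = []
    for side in ("left", "right"):
        subnet = params[side + "subnet"]
        try:
            net = ipaddress.ip_network(subnet)          # strict: host bits must be 0
        except ValueError:
            net = ipaddress.ip_network(subnet, strict=False)
            problems.append(f"{name}: {side}subnet {subnet} has host bits set; "
                            f"the network is {net}")
        sourceip = params.get(side + "sourceip")
        if sourceip and ipaddress.ip_address(sourceip) not in net:
            problems.append(f"{name}: {side}sourceip {sourceip} is outside {subnet}")
    return problems


def compare_peers(a, b):
    """Openswan's left/right are symmetric, so both hosts must agree on the
    two networks, identities and source addresses of the tunnel."""
    problems = []
    for side in ("left", "right"):
        for key in ("subnet", "id", "sourceip"):
            k = side + key
            if a.get(k) != b.get(k):
                problems.append(f"{k} differs: {a.get(k)!r} vs {b.get(k)!r}")
    return problems


def check_virtual_private(value):
    """Validate a comma-separated virtual_private list of %v4:/%v6: networks."""
    problems = []
    for item in value.split(","):
        m = VP_ITEM.match(item)
        if not m:
            problems.append(f"malformed entry {item!r}")
            continue
        try:
            ipaddress.ip_network(m.group(2), strict=False)
        except ValueError:
            problems.append(f"unparseable network in {item!r}")
    return problems


def report():
    """Run every check over the constructed snippets and return the findings."""
    server, client = parse_conn(SERVER_CONN), parse_conn(CLIENT_CONN)
    return (check_peer("server", server) + check_peer("client", client)
            + compare_peers(server, client)
            + check_virtual_private(VIRTUAL_PRIVATE))


if __name__ == "__main__":
    for finding in report():
        print(finding)
```

Run against the quoted snippets it flags that the two hosts disagree on rightsubnet and rightsourceip (10.0.1.x on the server, 10.1.0.x on the client), that leftsubnet is written with host bits set, and that the constructed virtual_private entry with the missing comma does not parse. Whether any of these is the poster's actual fault is not something the thread settles; the point is that these are the checks to run before looking at SELinux or the firewall.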