<html><head></head><body bgcolor="#FFFFFF"><div>Disabled<br><br><br></div><div><br>On Aug 15, 2012, at 10:50 PM, Muhammad El-Sergani &lt;<a href="mailto:msergani@gmail.com">msergani@gmail.com</a>&gt; wrote:<br><br></div><div>
</div><blockquote type="cite"><div><p>SELinux?</p>
<div class="gmail_quote">On Aug 16, 2012 4:18 AM, &quot;Luis Nagaki&quot; &lt;<a href="mailto:luis.nagaki@gmail.com">luis.nagaki@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

and I'm on<br>
<br>
openswan-2.6.37-3.fc17.x86_64<br>
<br>
fedora server and centos client<br>
<br>
On Wed, Aug 15, 2012 at 10:08 PM, Luis Nagaki &lt;<a href="mailto:luis.nagaki@gmail.com">luis.nagaki@gmail.com</a>&gt; wrote:<br>
&gt; Sorry! I thought I added a link to the files.<br>
&gt;<br>
&gt; Here's the conf file on the Server<br>
&gt;<br>
&gt; conn client_03<br>
&gt;     left=%any<br>
&gt;     leftsubnet=10.0.3.1/27<br>
&gt;     leftid=@client_03<br>
&gt;     leftsourceip=10.0.3.25<br>
&gt;     leftrsasigkey=0sAQP5m6IY...<br>
&gt;     leftnexthop=%defaultroute<br>
&gt;     right=PUBLIC IP<br>
&gt;     rightsubnet=10.0.1.64/28<br>
&gt;     rightid=@server<br>
&gt;     rightsourceip=10.0.1.69<br>
&gt;     rightrsasigkey=0sAQPRU...<br>
&gt;     rightnexthop=PUBLIC IP GATEWAY<br>
&gt;     rekey=yes<br>
&gt;     dpddelay=15<br>
&gt;     dpdtimeout=30<br>
&gt;     dpdaction=restart_by_peer<br>
&gt;     auto=start<br>
&gt;<br>
&gt;<br>
&gt; conn server<br>
&gt;     left=%defaultroute<br>
&gt;     leftsubnet=10.0.3.1/27<br>
&gt;     leftid=@client_03<br>
&gt;     leftsourceip=10.0.3.25<br>
&gt;     leftrsasigkey=0sAQP5m...<br>
&gt;     leftnexthop=%defaultroute<br>
&gt;     right=PUBLIC IP OF SERVER<br>
&gt;     rightsubnet=10.1.0.64/28<br>
&gt;     rightid=@server<br>
&gt;     rightsourceip=10.1.0.69<br>
&gt;     rightrsasigkey=0sAQPRU...<br>
&gt;     rightnexthop=PUBLIC IP GATEWAY<br>
&gt;     rekey=yes<br>
&gt;     dpddelay=15<br>
&gt;     dpdtimeout=30<br>
&gt;     dpdaction=restart_by_peer<br>
&gt;     auto=start<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; config setup for server<br>
&gt;<br>
&gt; config setup<br>
&gt;         # Debug-logging controls:  &quot;none&quot; for (almost) none, &quot;all&quot; for lots.<br>
&gt;         # klipsdebug=none<br>
&gt;         # plutodebug=&quot;control parsing&quot;<br>
&gt;         # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br>
&gt;         #plutostderrlog=/var/log/ipsec<br>
&gt;         protostack=netkey<br>
&gt;         listen=PUBLIC IP<br>
&gt;         virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:10.0.3.1/27,%v4:10.1.0.64/28,%v6:fd00::/8,%v6:fe80::/10<br>


&gt;         nat_traversal=yes<br>
&gt;         #virtual_private=<br>
&gt;         oe=off<br>
&gt;         # Enable this if you see &quot;failed to find any available worker&quot;<br>
&gt;         # nhelpers=0<br>
&gt;<br>
&gt; #You may put your configuration (.conf) file in the &quot;/etc/ipsec.d/&quot;<br>
&gt; include /etc/ipsec.d/*.conf<br>
&gt;<br>
&gt;<br>
&gt; config setup on client<br>
&gt;<br>
&gt; config setup<br>
&gt;         # Debug-logging controls:  &quot;none&quot; for (almost) none, &quot;all&quot; for lots.<br>
&gt;         #klipsdebug=all<br>
&gt;         #plutodebug=&quot;control parsing&quot;<br>
&gt;         # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br>
&gt;         plutostderrlog=/var/log/ipsec<br>
&gt;         protostack=netkey<br>
&gt;         nat_traversal=yes<br>
&gt;         #virtual_private=<br>
&gt;         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:10.1.0.64/28,%v4:10.0.3.1/27%v6:fd00::/8,%v6:fe80::/10<br>


&gt;         oe=off<br>
&gt;         # Enable this if you see &quot;failed to find any available worker&quot;<br>
&gt;         # nhelpers=0<br>
&gt; #You may put your configuration (.conf) file in the &quot;/etc/ipsec.d/&quot;<br>
&gt; and uncomment this.<br>
&gt; include /etc/ipsec.d/*.conf<br>
&gt;<br>
&gt; Now the tunnel is up.. I can confirm..<br>
&gt;<br>
&gt; Please note that on the Server I have VRRP / HA on both the internal<br>
&gt; NIC and the external NIC as well<br>
&gt;<br>
&gt; so Internal VIP ----Server ---- External VIP ---------Cloud /<br>
&gt; Internet--------External IP of Router ---- Internal IP(DHCP)<br>
&gt; ----Client----Internal Static IP from Right / Client side needs to<br>
&gt; reach..<br>
&gt;<br>
&gt; routes are in place etc<br>
&gt;<br>
&gt; hope that helps!<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; On Wed, Aug 15, 2012 at 9:52 PM, Muhammad El-Sergani &lt;<a href="mailto:msergani@gmail.com">msergani@gmail.com</a>&gt; wrote:<br>
&gt;&gt; Hello Luis,<br>
&gt;&gt;<br>
&gt;&gt; I think you need to describe your network and provide your configuration<br>
&gt;&gt; files with some IPs, for someone to be able to help.<br>
&gt;&gt;<br>
&gt;&gt; On Aug 16, 2012 3:13 AM, &quot;Luis Nagaki&quot; &lt;<a href="mailto:luis.nagaki@gmail.com">luis.nagaki@gmail.com</a>&gt; wrote:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Guys,<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; So weird.. using Fedora 17 with the latest openswan that comes with it<br>
&gt;&gt;&gt; and I am able to get a connection going. The tunnel is confirmed up<br>
&gt;&gt;&gt; and I can see in tcpdump the ping and anything else going through. BUT<br>
&gt;&gt;&gt; nothing happens. Ping or ssh won't work. iptables has been stopped so no<br>
&gt;&gt;&gt; firewalls.<br>
&gt;&gt;&gt; _______________________________________________<br>
&gt;&gt;&gt; <a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
&gt;&gt;&gt; <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
</blockquote></div>
</div></blockquote></body></html>