[Openswan Users] openswan and red hat enterprise

Paul Wouters paul at xelerance.com
Fri Apr 2 11:41:59 CEST 2004


On Fri, 2 Apr 2004, Stephen Wong wrote:

> With exactly the same config, and changing to a preshared secret instead of an X509
> certificate, the connection can then be successfully established

Then you will likely still have an error in your certificate setup.

> but cannot
> even ping the remote host.  Tcpdump found no packet except the esp packets.
> I suppose the esp packet will be decoded to normal packets when it goes in
> the vpn server.

These are other problems. Run 'ipsec verify' on the vpnserver for some hints.
This could be a firewalling issue, a forwarding issue, or a packet mangle issue
(NATing ipsec packets by accident), etc etc.

Paul
 
> Please kindly help.
> 
> Thanks.
> 
> ----- Original Message ----- 
> From: "Paul Wouters" <paul at xelerance.com>
> To: "Stephen Wong" <stephen.wong at avacue.com>
> Cc: <users at lists.openswan.org>
> Sent: Thu, Apr 01, 2004 20:10
> Subject: Re: [Openswan Users] openswan and red hat enterprise
> 
> 
> > On Thu, 1 Apr 2004, Stephen Wong wrote:
> >
> > > conn rwarrior
> > >         leftsubnet=10.0.0.0/8
> > >         auto=add
> > >         pfs=yes
> >
> > I don't think you mean to say that the roadwarrior has the entire 10/8
> > space behind it. I also didn't see any virtual_private line or a
> > subnetwithin statement anywhere.
> >
> > Read the X.509 documentation on how to configure one of those.
> >
> > Paul
> >
> 

-- 
It's amazing how quickly someone can go from talking about being on the
cutting edge, and fighting for freedom and liberty and information wants
to be free, to becoming a total right wing reactionary censorship wacko,
if naked girls are involved.        --- Aaron, producer of haxxxor
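
Added example, not part of the original message or of Openswan: a small offline check for two of the causes named in the reply above (forwarding switched off, and tunnel traffic being NATed by accident). It assumes the input is `iptables-save` text plus the contents of `/proc/sys/net/ipv4/ip_forward`; the remote subnet 192.168.50.0/24, the interface name, and the sample rule sets are constructed for illustration, and only the `-d` match of each rule is evaluated.

```python
import ipaddress

REMOTE = "192.168.50.0/24"  # constructed: subnet reached through the tunnel
# Constructed iptables-save samples: BAD masquerades everything leaving eth0,
# GOOD exempts traffic to the tunnel's remote subnet before the NAT rule.
BAD_RULES = "*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -o eth0 -j MASQUERADE\nCOMMIT\n"
GOOD_RULES = ("*nat\n:POSTROUTING ACCEPT [0:0]\n"
              "-A POSTROUTING -d 192.168.50.0/24 -j ACCEPT\n"
              "-A POSTROUTING -o eth0 -j MASQUERADE\nCOMMIT\n")

def parse(text):
    """Yield (table, chain, tokens) for every '-A' rule in iptables-save text."""
    table = None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tok = line.split()
            yield table, tok[1], tok[2:]

def dest_matches(tok, remote):
    """True if the rule's -d match (if any) covers the whole remote subnet."""
    if "-d" not in tok:
        return True                      # no destination match: applies to all
    i = tok.index("-d")
    negated = i > 0 and tok[i - 1] == "!"     # current syntax: ! -d net
    val = tok[i + 1]
    if val == "!":                            # older syntax: -d ! net
        negated, val = True, tok[i + 2]
    covers = remote.subnet_of(ipaddress.ip_network(val, strict=False))
    return covers != negated

def target(tok):
    return tok[tok.index("-j") + 1] if "-j" in tok else None

def diagnose(rules_text, ip_forward, remote_subnet):
    """Return findings for disabled forwarding and NAT applied to tunnel traffic."""
    remote = ipaddress.ip_network(remote_subnet)
    findings = []
    if ip_forward.strip() != "1":
        findings.append("forwarding disabled (net.ipv4.ip_forward != 1)")
    for table, chain, tok in parse(rules_text):
        if (table, chain) != ("nat", "POSTROUTING") or not dest_matches(tok, remote):
            continue
        if target(tok) in ("ACCEPT", "RETURN"):
            break                        # tunnel traffic exempted before any NAT
        if target(tok) in ("MASQUERADE", "SNAT"):
            findings.append("NAT rule rewrites tunnel traffic: " + " ".join(tok))
            break
    return findings
```

Matches other than `-d` (such as `-o` or `-s`) are ignored, so a reported rule is a candidate to inspect by hand, not a confirmed fault.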


