[Openswan Users] Problem of ping

Jérémie Wetzler jwetzler at reseaux-bureautique.com
Tue Aug 17 12:24:28 CEST 2004


I come back to you because I feel lost...

I cannot understand why the connection works perfectly in a LAN and why it
doesn't work over the Internet. I am sending you the Oakley.log from my Windows machine.

This is the ipsec.conf from my Windows XP:

##conn %default
##	dial=Free RTC
conn roadwarrior
        # left <=> my IP of the Windows client, possibly behind a LAN
        left=%any
        leftnexthop=82.66.118.170
        #rightnexthop=%defaultroute
        # IP of the server on the Windows client side
        right=82.66.118.170
        rightsubnet=10.0.0.0/24
        # Certificate contents: openssl x509 -in demoCA/cacert.pem -noout -subject
        rightca="C=FR, S=France, L=Montreuil, O=RXBURO, CN=jeremie, Email=jwetzler at reseaux-bureautique.com"
        network=auto
        auto=start
        pfs=yes

conn roadwarrior-net
        # left <=> my personal IP of the Windows machine, possibly behind a LAN
        left=%any
        # right <=> public IP of the firewall
        right=82.66.118.170
        rightsubnet=10.0.0.0/24
        #leftnexthop=82.66.118.170
        #rightnexthop=%defaultroute
        rightca="C=FR, S=France, L=Montreuil, O=RXBURO, CN=jeremie, Email=jwetzler at reseaux-bureautique.com"
        network=auto
        auto=start
        pfs=yes


The ipsec from the gateway:

version 2.0

config setup
        interfaces=%defaultroute
        #interfaces="ipsec0=eth0"
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/24

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        # leftsubnet <=> internal network behind the Windows machine
        #leftsubnet=192.1.0.0/24
        leftsubnet=10.0.0.0/24
        also=roadwarrior

conn roadwarrior
        # left <=> IP of the Windows machine inside the subnet
        #left=%defaultroute
        left=10.0.0.2
        leftcert=freeswan.pem
        # right <=> IP of the server's interface facing the Windows machine (public IP)
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

include /etc/ipsec.d/examples/no_oe.conf


I use NAT in the LAN but I put nat_traversal=yes... All certificates seem to
be good.

I want to reach the network 10.0.0.0/24 from a roadwarrior. If you have any
suggestions...

Jérémie

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday 12 August 2004 20:38
To: Jérémie Wetzler
Cc: users at lists.openswan.org
Subject: RE: [Openswan Users] Problem of ping

On Thu, 12 Aug 2004, Jérémie Wetzler wrote:

> Now it's ok! with this configuration. However, when I test this over
> Internet it doesn't work...
> I have a NAT server. It always says "Negotiating IP policy" but never
> pings.

Again, look at the exact log errors on the Openswan end. And if that doesn't
make it clear, in the oakley.log on the windows machine.

Paul 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oakley.log
Type: application/octet-stream
Size: 54070 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040817/2f342c2b/oakley-0001.obj

