[Openswan Users] Problem with ipsec routing!!

ONAY, Gabriel G.Onay at ove.at
Thu Dec 2 14:11:31 CET 2004


Dear all

I have a VPN connection that only works in one direction.

Configuration:

GW-Left:
Suse 9.2 (kernel 2.6.8-24.3-default)
Openswan 2.2.0
Susefirewall 3.2

GW-Right:
Suse 7.3 (kernel 2.4-18)
freeswan 1.98b 
Susefirewall 

PC-Left/Right
Windows XP SP1

| PC-Left |------------| GW-Left |--------------<Router>-------------| GW-Right |------------| PC-Right |

ISAKMP SA is established, also key-exchange seems to work.
A ping from PC-Right to PC-Left works fine, but a ping from PC-Left to
PC-Right does not work.

ipsec.conf:


    plutodebug=none
    # Certificate Revocation List handling
    #crlcheckinterval=600
    #strictcrlpolicy=yes
    # Change rp_filter setting, default = 0 (switch off)
    rp_filter=%unchanged
    # Switch on NAT-Traversal (if patch is installed)
    nat_traversal=yes
    interfaces=%defaultroute
    #forwardcontrol=yes

# default settings for connections
conn %default
    # Default: %forever (try forever)
    #keyingtries=3
    # Sig keys (default: %dnsondemand)
    #leftrsasigkey=%cert
    #rightrsasigkey=%cert
    # Lifetimes, defaults are 1h/8hrs
    #ikelifetime=20m
    #keylife=1h
    #rekeymargin=8m
    left=%defaultroute
    compress=no

# Add connections here
# sample VPN connection
conn kbs-test
    type=tunnel
    auth=esp
    # Left security gateway, subnet behind it, next hop toward right.
    left=83.0.0.51
    leftsubnet=10.0.0.64/26
    leftnexthop=83.0.0.49
    # Right security gateway, subnet behind it, next hop toward left.
    right=83.0.0.52
    rightsubnet=10.0.0.192/26
    rightnexthop=83.0.0.49
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    auto=start
    authby=secret

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Any ideas about that?

Greetings,

Gabriel

