[Openswan Users] can't ping from subnet to subnet (isakmpd===ipsec, with PSK's)

foren titze freeswan at gmx.net
Tue Jan 27 09:32:09 CET 2004 

hello users,

i have an connection between established, so that IPsec SA established on the 
ipsec side emerges. but i can't ping in the subnets behind the gateways. 

my route on the ipsec server:
---
Destination Gateway Genmask Flags Metric Ref Use Iface 
62.96.119.128 * 255.255.255.224 U 0 0 0 eth0 
62.96.119.128 * 255.255.255.224 U 0 0 0 ipsec0 
192.168.0.0 62.96.119.129 255.255.255.0 UG 0 0 0 ipsec0 
192.168.110.0 gate2.sys 255.255.255.0 UG 0 0 0 eth1 
localnet * 255.255.255.0 U 0 0 0 eth1 
default 62.96.119.129 0.0.0.0 UG 0 0 0 eth0
---

my route on the isakmpd client:
---
213.11.144.0 * 255.255.255.192 U 0 0 0 eth0 
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1 
localnet * 255.255.255.0 U 0 0 0 eth0 
default shellfish 0.0.0.0 UG 0 0 0 eth0
---

the subnets are listed in the ipsec.conf and isakmpd.conf. 

my ipsec.conf:
---
config setup 
interfaces=%defaultroute 
klipsdebug=none 
plutodebug=none 
uniqueids=yes 
plutoload=%search 
plutostart=%search 
#overridemtu=1000 

conn %default 
keyingtries=1 

conn testing-sub 
also=testing 
leftsubnet=192.168.121.0/24 
rightsubnet=192.168.0.0/24 

conn testing 
#esp=aes256-sha1 
#ike=blowfish128-sha 
auto=add 
auth=esp 
pfs=yes 
authby=secret 
right=213.11.144.34 
#leftfirewall=no 
#rightfirewall=no 
rightnexthop=213.11.144.1 
left=62.96.119.156 
leftnexthop=%defaultroute
---
and my isakmpd.conf:

[General] 
Listen-on= 213.11.144.34 

[Phase 1] 
62.96.119.156= ISAKMP-vpn-server-test 

[Phase 2] 
Connections= testing 

[ISAKMP-vpn-server-test] 
Phase= 1 
Transport= udp 
Address= 62.96.119.156 
Local-address= 213.11.44.34 
Configuration= Default-main-mode 
Authentication= test222 

[testing] 
Phase= 2 
ISAKMP-peer= ISAKMP-vpn-server-test 
Configuration= Default-quick-mode 
Local-ID= Net-east 
Remote-ID= Net-west 

#Local-ID 

[Net-west] 
ID-type= IPV4_ADDR_SUBNET 
Network= 192.168.121.0 
Netmask= 255.255.255.0 

[Net-east] 
ID-type= IPV4_ADDR_SUBNET 
Network= 192.168.0.0 
Netmask= 255.255.255.0 

####################### 
#Main mode description 
######################## 
...



thanks a lot!!

More information about the Users mailing list